3421ff97909c794839a731e68eb8910a8dea7cc2.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

From 3421ff97909c794839a731e68eb8910a8dea7cc2 Mon Sep 17 00:00:00 2001
From: Johan Cwiklinski <jcwiklinski@teclib.com>
Date: Thu, 1 Mar 2018 09:26:04 +0100
Subject: [PATCH] Escape get keys to prevent possible xss

---
 inc/html.class.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/inc/html.class.php b/inc/html.class.php
index a985db5250..bcf1ab4c0c 100644
--- a/inc/html.class.php
+++ b/inc/html.class.php
@@ -4096,6 +4096,7 @@ static function printCleanArray($tab, $pad=0,$jsexpand=false) {
          echo "<tr><th>KEY</th><th>=></th><th>VALUE</th></tr>";
 
          foreach ($tab as $key => $val) {
+            $key = Toolbox::clean_cross_side_scripting_deep($key);
             echo "<tr class='tab_bg_1'><td class='top right'>";
             echo $key;
             $is_array = is_array($val);