From 0f4ca4237d8389a6688616ace6b83a2154212132 Mon Sep 17 00:00:00 2001
From: acognet <anne-catherine.cognet@combodo.com>
Date: Thu, 14 Oct 2021 10:13:37 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B04362=20-=20XSS=20in=20ajax.render.php=3F?=
 =?UTF-8?q?operation=3Dwizard=5Fhelper=20on=20develop?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/wizardhelper.class.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/application/wizardhelper.class.inc.php b/application/wizardhelper.class.inc.php
index 2985db328..69557ce3e 100644
--- a/application/wizardhelper.class.inc.php
+++ b/application/wizardhelper.class.inc.php
@@ -350,7 +350,8 @@ class WizardHelper
 	 */
 	public function GetJsForUpdateFields()
 	{
-		$sWizardHelperJsVar = ($this->m_aData['m_sWizHelperJsVarName']) ?? 'oWizardHelper'.$this->GetFormPrefix();
+		$sWizardHelperJsVar = (!is_null($this->m_aData['m_sWizHelperJsVarName'])) ? utils::Sanitize($this->m_aData['m_sWizHelperJsVarName'], utils::ENUM_SANITIZATION_FILTER_PARAMETER) : 'oWizardHelper'.$this->GetFormPrefix();
+		//str_replace(['(', ')', ';'], '', $this->m_aData['m_sWizHelperJsVarName']) : 'oWizardHelper'.$this->GetFormPrefix();
 		$sWizardHelperJson = $this->ToJSON();
 
 		return <<<JS