From 4b7f736af0f8b2cf2f5803cf135306958eef9905 Mon Sep 17 00:00:00 2001
From: Stephen Abello <stephen.abello@combodo.com>
Date: Thu, 6 Feb 2020 14:50:27 +0100
Subject: [PATCH] =?UTF-8?q?N=C2=B02755=20-=20Security=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pages/ajax.csvimport.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pages/ajax.csvimport.php b/pages/ajax.csvimport.php
index df95b721f..8468c92b2 100644
--- a/pages/ajax.csvimport.php
+++ b/pages/ajax.csvimport.php
@@ -366,7 +366,7 @@ try
 					$sDefaultChoice = $aInitFieldMapping[$index];
 				}
 				$oPage->add('<tr>');
-				$oPage->add("<th>$sField</th>");
+				$oPage->add('<th>'.utils::HtmlEntities($sField).'</th>');
 				$oPage->add('<td>'.GetMappingForField($sClassName, $sField, $index, $bAdvanced, $sDefaultChoice).'</td>');
 				$oPage->add('<td>&nbsp;</td>');
 				$oPage->add('<td><input id="search_'.$index.'" type="checkbox" name="search_field['.$index.']" value="1" /></td>');