From 68d44fa9818f644238922f904704ba71e513e769 Mon Sep 17 00:00:00 2001
From: Eric Espie
Date: Wed, 16 Nov 2022 09:32:47 +0100
Subject: [PATCH] =?UTF-8?q?N=C2=B05724=20-=20code=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pages/ajax.render.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pages/ajax.render.php b/pages/ajax.render.php
index f08fea0fa..17a666c0a 100644
--- a/pages/ajax.render.php
+++ b/pages/ajax.render.php
@@ -1352,7 +1352,7 @@ EOF
 $aParams = utils::ReadParam('params', '', false, 'raw_data');
 $sDashletClass = $aParams['attr_dashlet_class'];
 $sDashletType = $aParams['attr_dashlet_type'];
- $sDashletId = $aParams['attr_dashlet_id'];
+ $sDashletId = utils::HtmlEntities($aParams['attr_dashlet_id']);
 $aUpdatedProperties = $aParams['updated']; // Code of the changed properties as an array: 'attr_xxx', 'attr_xxy', etc...
 $aPreviousValues = $aParams['previous_values']; // hash array: 'attr_xxx' => 'old_value'
 if (is_subclass_of($sDashletClass, 'Dashlet'))
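Review bot: Only `attr_dashlet_id` is encoded on the changed line, while `attr_dashlet_type` is read from the same `raw_data` params array one line above and stays exactly as the client sent it; `$sDashletClass` is at least constrained by the `is_subclass_of()` check, but nothing visible constrains `$sDashletType`. The enclosing block starts and ends outside the hunk, so where these values are used cannot be confirmed from here, but if the type also reaches the response it needs the same treatment, e.g. `$sDashletType = utils::HtmlEntities($aParams['attr_dashlet_type']);`. Encoding at read time also only covers HTML contexts: if `$sDashletId` is later written into a script block or used as a selector, it should be escaped for that context where it is output, or restricted to an identifier pattern when it is read. A short comment on the changed line, such as `// client-supplied (raw_data): HTML-encoded before it is reused in the rendered output`, would record why this one field is handled differently, assuming that is the reason.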