N°9235 - Sanitize oql_clause query parameter in universal search page

2026-04-23 02:28:44 +02:00 · 2026-03-09 09:56:19 +01:00
parent 9236449b21
commit 7bfa14a874
1 changed files with 1 additions and 1 deletions
--- a/pages/UniversalSearch.php
+++ b/pages/UniversalSearch.php
@@ -109,7 +109,7 @@ if ($oFilter != null) {
 	$oP->SetBreadCrumbEntry($sPageId, $sLabel, '', '', 'fas fa-search', iTopWebPage::ENUM_BREADCRUMB_ENTRY_ICON_TYPE_CSS_CLASSES);

 	// Menu node
-	$sFilter = $oFilter->ToOQL();
+	$sFilter = utils::EscapeHtml($oFilter->ToOQL());
 	$oP->add("\n<!-- $sFilter -->\n");
 }
 $oP->add("</div>\n");