composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°8168 - Stored XSS in portals lnk

Browse Source
This commit is contained in:
bdalsass
2025-05-23 08:42:56 +02:00
parent 38683c20b1
commit 81b20ee583
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sources/renderer/bootstrap/fieldrenderer/bslinkedsetfieldrenderer.class.inc.php
View File

@@ -611,7 +611,7 @@ JS
if ($oAttDef->IsExternalKey())
{
/** @var \AttributeExternalKey $oAttDef */
$aAttProperties['value'] = $oRemoteItem->Get($sAttCode . '_friendlyname');
$aAttProperties['value'] = \Str::pure2html($oRemoteItem->Get($sAttCode . '_friendlyname'));
// Checking if user can access object's external key
$sObjectUrl = ApplicationContext::MakeObjectUrl($oAttDef->GetTargetClass(), $oRemoteItem->Get($sAttCode));