composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-12 23:14:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°4362 - XSS in ajax.render.php?operation=wizard_helper on develop

Browse Source
This commit is contained in:
acognet
2021-10-14 15:45:43 +02:00
parent 20f4419062
commit 83125d9ae1
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
application/wizardhelper.class.inc.php
View File

@@ -350,8 +350,7 @@ class WizardHelper
*/
public function GetJsForUpdateFields()
{
$sWizardHelperJsVar = (!is_null($this->m_aData['m_sWizHelperJsVarName'])) ? utils::Sanitize($this->m_aData['m_sWizHelperJsVarName'], utils::ENUM_SANITIZATION_FILTER_PARAMETER) : 'oWizardHelper'.$this->GetFormPrefix();
//str_replace(['(', ')', ';'], '', $this->m_aData['m_sWizHelperJsVarName']) : 'oWizardHelper'.$this->GetFormPrefix();
$sWizardHelperJsVar = (!is_null($this->m_aData['m_sWizHelperJsVarName'])) ? utils::Sanitize($this->m_aData['m_sWizHelperJsVarName'], '', utils::ENUM_SANITIZATION_FILTER_PARAMETER) : 'oWizardHelper'.$this->GetFormPrefix();
$sWizardHelperJson = $this->ToJSON();
return <<<JS