composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-23 02:28:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°8168 - Stored XSS in portals lnk

Browse Source
This commit is contained in:
bdalsass
2025-05-23 08:52:18 +02:00
parent 80b290ab88
commit 8b30e36dd1
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sources/Renderer/Bootstrap/FieldRenderer/BsLinkedSetFieldRenderer.php
View File

@@ -893,7 +893,7 @@ JS
} else if ($oAttDef->IsExternalKey()) {
/** @var \AttributeExternalKey $oAttDef */
$aAttProperties['value_html'] = $oItem->Get($sAttCode.'_friendlyname');
$aAttProperties['value_html'] = utils::EscapeHtml($oItem->Get($sAttCode.'_friendlyname'));
// Checking if user can access object's external key
$sObjectUrl = ApplicationContext::MakeObjectUrl($oAttDef->GetTargetClass(), $oItem->Get($sAttCode));