N°3835 - Make global pass on all inputs (objects, dashlets, ...) to ensure XSS and double encoding have been dealt with

2026-02-13 07:24:13 +01:00 · 2021-10-01 09:20:13 +02:00
parent 5a09365221
commit 963fae243c
1 changed files with 1 additions and 1 deletions
--- a/application/ui.extkeywidget.class.inc.php
+++ b/application/ui.extkeywidget.class.inc.php
@@ -243,7 +243,7 @@ class UIExtKeyWidget
 					foreach ($aAdditionalField as $sAdditionalField) {
 						array_push($aArguments, $oObj->Get($sAdditionalField));
 					}
-					$aOption['additional_field'] = vsprintf($sFormatAdditionalField, $aArguments);
+					$aOption['additional_field'] = utils::HtmlEntities(vsprintf($sFormatAdditionalField, $aArguments));
 				}
 				if (!empty($sObjectImageAttCode)) {
 					// Try to retrieve image for contact