From 1172159745be46d0a6372abfbd17b83da1a28522 Mon Sep 17 00:00:00 2001
From: Eric Espie
Date: Thu, 1 Jun 2023 15:12:50 +0200
Subject: [PATCH 1/2] =?UTF-8?q?N=C2=B06351=20-=20code=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pages/ajax.searchform.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pages/ajax.searchform.php b/pages/ajax.searchform.php
index e6e3c9572..5bdcfd343 100644
--- a/pages/ajax.searchform.php
+++ b/pages/ajax.searchform.php
@@ -75,7 +75,7 @@ try
 if (array_key_exists('table_inner_id', $aListParams))
 {
- $sListId = $aListParams['table_inner_id'];
+ $sListId = utils::HtmlEntities($aListParams['table_inner_id']);
 }
 if (array_key_exists('json', $aListParams))

From 9e96ea2873799430a784a1a94c7b5d664762eb54 Mon Sep 17 00:00:00 2001
From: Eric Espie
Date: Thu, 1 Jun 2023 15:35:56 +0200
Subject: [PATCH 2/2] =?UTF-8?q?N=C2=B06350=20-=20code=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/utils.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/application/utils.inc.php b/application/utils.inc.php
index 95b91f306..4f12fec5f 100644
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -361,7 +361,8 @@ class utils
 // For URL
 case 'url':
- $retValue = filter_var($value, FILTER_SANITIZE_URL);
+ // N°6350 - returns only valid URLs
+ $retValue = filter_var($value, FILTER_VALIDATE_URL);
 break;
 default:
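Review bot: Applying `utils::HtmlEntities` at the point where `table_inner_id` is read into `$sListId` fixes the escaping to the HTML context before the value's use is known; if `$sListId` is later emitted inside a JavaScript string or an attribute, or used as a lookup key, the entity encoding is either the wrong escaping for that context or gets applied a second time at the output sink. The enclosing `try` block starts and ends outside the hunk, so the later uses of `$sListId` are not visible here. Since the parameter names a DOM element id, a context-independent hardening is to validate its shape up front, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $aListParams['table_inner_id'])) { /* reject or fall back to a default */ }`, and to escape at the output point instead. If the early encoding is kept, a comment such as `// already HTML-encoded here: do not re-encode when rendering` on the assignment would stop a later maintainer from double-encoding it.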
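Review bot: The new `filter_var($value, FILTER_VALIDATE_URL)` returns `false` when the input is rejected, whereas the replaced `FILTER_SANITIZE_URL` always returned a string, so `$retValue` can now be a boolean on the `'url'` branch and any caller that treats the result as a string (concatenation, `strlen`, a `string` return type) inherits that contract change unannounced; the `// N°6350` comment should state it, and the enclosing method, which starts and ends outside the hunk, needs checking for how `false` propagates. A second caveat for a hardening change: `FILTER_VALIDATE_URL` only checks URL syntax and accepts any scheme, so a value that passes is not by itself safe to place in an `href` or a redirect; if the callers expect web URLs, restrict the scheme after validation as sketched below (the allow-list must be confirmed against the callers). It also rejects non-ASCII hosts, which may be a functional regression for some inputs and is worth noting in the same comment.
```php
case 'url':
	// N°6350 - returns only valid URLs; unlike FILTER_SANITIZE_URL this yields false (not a string) on rejection
	$retValue = filter_var($value, FILTER_VALIDATE_URL);
	// FILTER_VALIDATE_URL accepts any scheme; keep only the ones callers can emit safely (confirm list against callers)
	if ($retValue !== false && !in_array(strtolower((string)parse_url($retValue, PHP_URL_SCHEME)), ['http', 'https'], true)) {
		$retValue = false;
	}
	break;
```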