#565 Fixed security issues (XSS)

SVN:trunk[2282]
2026-04-22 10:08:45 +02:00 · 2012-10-17 15:38:09 +00:00
parent 0f9280399b
commit ce77c65e6e
3 changed files with 5 additions and 3 deletions
--- a/application/cmdbabstract.class.inc.php
+++ b/application/cmdbabstract.class.inc.php
@@ -1371,7 +1371,7 @@ abstract class cmdbAbstractObject extends CMDBObject implements iDisplay
 				if (is_null($aAllowedValues))
 				{
 					// Any value is possible, display an input box
-					$sHtml .= "<label>".MetaModel::GetFilterLabel($sClassName, $sFilterCode).":</label>&nbsp;<input class=\"textSearch\" name=\"$sFilterCode\" value=\"$sFilterValue\"/>\n";
+					$sHtml .= "<label>".MetaModel::GetFilterLabel($sClassName, $sFilterCode).":</label>&nbsp;<input class=\"textSearch\" name=\"$sFilterCode\" value=\"".htmlentities($sFilterValue, ENT_QUOTES, 'utf-8')."\"/>\n";
 				}
 				else
 				{