#565 Fixed security issues (XSS)

SVN:trunk[2282]
2026-05-21 16:22:20 +02:00 · 2012-10-17 15:38:09 +00:00
parent 0f9280399b
commit ce77c65e6e
3 changed files with 5 additions and 3 deletions
--- a/datamodels/1.x/itop-attachments/ajax.attachment.php
+++ b/datamodels/1.x/itop-attachments/ajax.attachment.php
@@ -102,7 +102,8 @@ try
 }
 catch (Exception $e)
 {
-	echo $e->GetMessage();
+	// note: transform to cope with XSS attacks
+	echo htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8');
 	IssueLog::Error($e->getMessage());
 }
 ?>