Merge branch 'ent-5691-Vulnerabilidad-XSS-en-sistema-de-mensajes' into 'develop'

fix cross-site scripting vulnerability

See merge request artica/pandorafms!3156
Alejandro Fraguas 2020-04-14 15:36:48 +02:00
commit 254a32be22
1 changed files with 1 additions and 11 deletions


@ -127,17 +127,7 @@ if ($read_message) {
).' '.$user_name;
}
$order = [
"\r\n",
"\n",
"\r",
];
$replace = '<br />';
$parsed_message = str_replace(
$order,
$replace,
trim(io_safe_output($row['message']))
);
$parsed_message = nl2br(htmlspecialchars(trim(io_safe_output($row['message']))));
echo '<div class="container">';
echo ' <p>'.$parsed_message.'</p>';