From 98b358e7adc2f660bd9e5cb7ef038aa298653f76 Mon Sep 17 00:00:00 2001
From: alejandro-campos <alejandro.campos@artica.es>
Date: Tue, 16 Jun 2020 17:27:53 +0200
Subject: [PATCH] fix vulnerability

---
 pandora_console/include/functions_events.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php
index a5b442d69c..89c4d87f05 100644
--- a/pandora_console/include/functions_events.php
+++ b/pandora_console/include/functions_events.php
@@ -4750,7 +4750,7 @@ function events_page_comments($event, $ajax=false)
                     foreach ($comm as $c) {
                         $data[0] = '<b>'.$c['action'].' by '.$c['id_user'].'</b>';
                         $data[0] .= '<br><br><i>'.date($config['date_format'], $c['utimestamp']).'</i>';
-                        $data[1] = '<p style="word-break: break-word;">'.stripslashes(str_replace(['\n', '\r'], '<br/>', $c['comment'])).'</p>';
+                        $data[1] = '<p style="word-break: break-word;">'.strip_tags($c['comment'], '<br>').'</p>';
                         $table_comments->data[] = $data;
                     }
                 break;