From 73cf98fc02d03b13586f8d5cb77b2c7091b84325 Mon Sep 17 00:00:00 2001
From: Jose Gonzalez <jose.gonzalez@artica.es>
Date: Tue, 9 Jun 2020 10:22:54 +0200
Subject: [PATCH] Cleaned tags for affected fields

---
 pandora_console/include/functions_config.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index 96f266fc1e..b7d23fbb7d 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -1212,8 +1212,8 @@ function config_update_config()
                     // --------------------------------------------------
                     // CUSTOM VALUES POST PROCESS
                     // --------------------------------------------------
-                    $custom_value = get_parameter('custom_value');
-                    $custom_text = get_parameter('custom_text');
+                    $custom_value = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_value'))));
+                    $custom_text = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_text'))));
                     $custom_value_add = (bool) get_parameter('custom_value_add', 0);
                     $custom_value_to_delete = get_parameter('custom_value_to_delete', 0);
 
@@ -1284,8 +1284,8 @@ function config_update_config()
                     // --------------------------------------------------
                     // MODULE CUSTOM UNITS
                     // --------------------------------------------------
-                    $custom_unit = get_parameter('custom_module_unit');
-                    $custom_unit_to_delete = get_parameter('custom_module_unit_to_delete', '');
+                    $custom_unit = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_module_unit'))));
+                    $custom_unit_to_delete = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_module_unit_to_delete', ''))));
 
                     if (!empty($custom_unit)) {
                         if (!add_custom_module_unit(