fix vulnerability

2025-07-28 00:04:37 +02:00 · 2020-06-16 17:27:53 +02:00 · 2020-06-16 17:27:53 +02:00 · 98b358e7ad
commit 98b358e7ad
parent e6aee8582d
1 changed files with 1 additions and 1 deletions
--- a/pandora_console/include/functions_events.php
+++ b/pandora_console/include/functions_events.php
@ -4750,7 +4750,7 @@ function events_page_comments($event, $ajax=false)
                    foreach ($comm as $c) {
                        $data[0] = '<b>'.$c['action'].' by '.$c['id_user'].'</b>';
                        $data[0] .= '<br><br><i>'.date($config['date_format'], $c['utimestamp']).'</i>';
-                        $data[1] = '<p style="word-break: break-word;">'.stripslashes(str_replace(['\n', '\r'], '<br/>', $c['comment'])).'</p>';
+                        $data[1] = '<p style="word-break: break-word;">'.strip_tags($c['comment'], '<br>').'</p>';
                        $table_comments->data[] = $data;
                    }
                break;