Merge branch 'ent-7062-vulneravilidad-xx-en-mensajes' into 'develop'

fixed xss vulnerability

See merge request artica/pandorafms!3861

pandora_console/include/functions_notifications.php

@@ -1080,6 +1080,27 @@ function notifications_print_dropdown_element($message_info)
         break;
     }
 
+    $split_subject = explode(' ', io_safe_output($message_info['subject']));
+    $is_image = false;
+    $img = '';
+    foreach ($split_subject as $item) {
+        if ($is_image) {
+            if (preg_match('/src/', $item)) {
+                $img .= $item.' >';
+                $is_image = false;
+            }
+        }
+
+        if (preg_match('/img/', $item)) {
+            $img = '<img ';
+            $is_image = true;
+        }
+    }
+
+    if ($img !== '') {
+        $message_info['subject'] = io_safe_input($img);
+    }
+
     return sprintf(
         "<a
             class='notification-item'