From e833c318a5a91d6d709a5b266c1245261b4c0e70 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Wed, 9 Sep 2020 12:35:28 +0200 Subject: [PATCH] Avoid XSS in Module templates --- pandora_console/include/class/ModuleTemplates.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pandora_console/include/class/ModuleTemplates.class.php b/pandora_console/include/class/ModuleTemplates.class.php index 585a40aa13..434a3555c6 100644 --- a/pandora_console/include/class/ModuleTemplates.class.php +++ b/pandora_console/include/class/ModuleTemplates.class.php @@ -303,8 +303,8 @@ class ModuleTemplates extends HTML if (!empty($this->action)) { // Success variable. $success = false; - $this->name = get_parameter('name', ''); - $this->description = get_parameter('description', ''); + $this->name = io_safe_input(strip_tags(io_safe_output((string) get_parameter('name')))); + $this->description = io_safe_input(strip_tags(io_safe_output((string) get_parameter('description')))); $this->pen = get_parameter('pen', ''); switch ($this->action) {