Merge branch 'ent-10162-stored-cross-site-scripting-special-days-module' into 'develop'

Ent 10162 stored cross site scripting special days module See merge request artica/pandorafms!5444
2025-04-08 18:55:09 +02:00 · 2023-02-02 14:29:14 +00:00 · 2023-02-02 14:29:14 +00:00 · f28a4d0f28
commit f28a4d0f28
parent 3bc593e58a 8475e5fbf6
2 changed files with 2 additions and 2 deletions
--- a/pandora_console/include/class/CalendarManager.class.php
+++ b/pandora_console/include/class/CalendarManager.class.php
@ -900,7 +900,7 @@ class CalendarManager
                $id_group = get_parameter('id_group', null);
                $day_code = get_parameter('day_code', null);
                $id_calendar = get_parameter('id_calendar', null);
-                $description = get_parameter('description', null);
+                $description = io_safe_input(get_parameter('description', null));
                $change = true;
                if ($new === false
                    && ($date === $specialDay->date()
--- a/pandora_console/views/calendar/special_days_edit.php
+++ b/pandora_console/views/calendar/special_days_edit.php
@ -140,7 +140,7 @@ $inputs[] = [
        'type'     => 'textarea',
        'name'     => 'description',
        'required' => false,
-        'value'    => $specialDay->description(),
+        'value'    => io_safe_output($specialDay->description()),
        'rows'     => 50,
        'columns'  => 30,
    ],