From 293d067a4dbec7753878b6bc5ea432fe057d20f7 Mon Sep 17 00:00:00 2001 From: Daniel Cebrian Date: Mon, 23 Jan 2023 14:44:10 +0100 Subject: [PATCH 1/2] #10162 safe input description in special days --- pandora_console/include/class/CalendarManager.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/include/class/CalendarManager.class.php b/pandora_console/include/class/CalendarManager.class.php index af7e51848f..989d921e88 100644 --- a/pandora_console/include/class/CalendarManager.class.php +++ b/pandora_console/include/class/CalendarManager.class.php @@ -900,7 +900,7 @@ class CalendarManager $id_group = get_parameter('id_group', null); $day_code = get_parameter('day_code', null); $id_calendar = get_parameter('id_calendar', null); - $description = get_parameter('description', null); + $description = io_safe_input(get_parameter('description', null)); $change = true; if ($new === false && ($date === $specialDay->date() From 8475e5fbf68255bfc7810692b36f7e51fb2e34fb Mon Sep 17 00:00:00 2001 From: Daniel Cebrian Date: Mon, 30 Jan 2023 17:21:20 +0100 Subject: [PATCH 2/2] #10162 fixed entities in special days --- pandora_console/views/calendar/special_days_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/views/calendar/special_days_edit.php b/pandora_console/views/calendar/special_days_edit.php index 23f72dc38f..74197e57bd 100644 --- a/pandora_console/views/calendar/special_days_edit.php +++ b/pandora_console/views/calendar/special_days_edit.php @@ -140,7 +140,7 @@ $inputs[] = [ 'type' => 'textarea', 'name' => 'description', 'required' => false, - 'value' => $specialDay->description(), + 'value' => io_safe_output($specialDay->description()), 'rows' => 50, 'columns' => 30, ],
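Review bot: Wrapping the value in `io_safe_input()` at read time means the description is stored already entity-encoded, unlike the sibling parameters just above it (`id_group`, `day_code`, `id_calendar`), and every later reader has to know that. If `get_parameter()` already encodes what it returns (not visible in this hunk), the new call would encode a second time, so that is worth confirming. The `null` default is also passed straight into `io_safe_input()`, so check that a missing description still arrives as `null` further down. A short comment would record the contract, e.g. `// stored entity-encoded; decode with io_safe_output() only where the sink re-escapes`. The enclosing method starts and ends outside the hunk.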
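Review bot: `io_safe_output()` on the `'value'` entry decodes the stored entities again, so any markup saved in a description reaches the textarea renderer as raw characters. That is safe only if the form helper that consumes `$inputs[]` HTML-escapes a textarea's `value` when printing it, which this hunk does not show. If the helper prints values verbatim, this line undoes the encoding added in patch 1/2 and the saved description would be emitted into the page unescaped. Please confirm the helper's behaviour and note it beside the line, e.g. `// decoded for editing; the textarea renderer must HTML-escape this value`. If it does not escape, use `htmlspecialchars(io_safe_output($specialDay->description()), ENT_QUOTES, 'UTF-8')` here; the `$inputs[]` array literal opens outside the hunk.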