Message subject not properly checked against xss #1120

Admidio · Oct 20, 2021 · 2460444 · 2460444
1 parent 01a83d4
commit 2460444
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/adm_program/modules/messages/messages_write.php b/adm_program/modules/messages/messages_write.php
@@ -26,7 +26,7 @@
 // Initialize and check the parameters
 $getMsgType    = admFuncVariableIsValid($_GET, 'msg_type',    'string');
 $getUserId     = admFuncVariableIsValid($_GET, 'usr_id',      'int');
-$getSubject    = admFuncVariableIsValid($_GET, 'subject',     'html');
+$getSubject    = admFuncVariableIsValid($_GET, 'subject',     'string');
 $getMsgId      = admFuncVariableIsValid($_GET, 'msg_id',      'int');
 $getRoleId     = admFuncVariableIsValid($_GET, 'rol_id',      'int');
 $getCarbonCopy = admFuncVariableIsValid($_GET, 'carbon_copy', 'bool', array('defaultValue' => false));