From 56a0bdc747ea29ca42b606001bc6b07827c0de4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20Fa=C3=9Fbender?= <markus.fassbender@gmail.com>
Date: Tue, 21 Dec 2021 21:49:46 +0100
Subject: [PATCH]  Url within menu entry could be used to execude javascript
 #1138

---
 adm_program/modules/menu/menu_function.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/adm_program/modules/menu/menu_function.php b/adm_program/modules/menu/menu_function.php
index 4c20c85ce..212e56fa6 100644
--- a/adm_program/modules/menu/menu_function.php
+++ b/adm_program/modules/menu/menu_function.php
@@ -49,7 +49,7 @@
     $postComId    = admFuncVariableIsValid($_POST, 'men_com_id',        'int');
     $postName     = admFuncVariableIsValid($_POST, 'men_name',          'string', array('default' => ''));
     $postDesc     = admFuncVariableIsValid($_POST, 'men_description',   'string', array('default' => ''));
-    $postUrl      = admFuncVariableIsValid($_POST, 'men_url',           'string', array('default' => ''));
+    $postUrl      = admFuncVariableIsValid($_POST, 'men_url',           'url',    array('default' => ''));
     $postIcon     = admFuncVariableIsValid($_POST, 'men_icon',          'string', array('default' => ''));
 
     // within standard menu items the url should not be changed