From 7b2bcaaf2b8acd5562a50ac0cdf69705fa6cc113 Mon Sep 17 00:00:00 2001
From: Carsten Schmitz
Date: Sun, 19 Feb 2023 23:22:53 +0100
Subject: [PATCH] Fixed issue: [security] Minor XSS vulnerability when editing a question
---
 application/controllers/QuestionAdministrationController.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/application/controllers/QuestionAdministrationController.php b/application/controllers/QuestionAdministrationController.php
index 6b082f32f40..9ce8480bb5a 100644
--- a/application/controllers/QuestionAdministrationController.php
+++ b/application/controllers/QuestionAdministrationController.php
@@ -117,6 +117,9 @@ public function actionCreate($surveyid)
 public function actionEdit(int $questionId, string $tabOverviewEditor = null)
 {
 $questionId = (int) $questionId;
+ if (!in_array($tabOverviewEditor, ['overview', 'editor'], true)) {
+ $tabOverviewEditor = null;
+ }
 /** @var $question Question|null */
 $question = Question::model()->findByPk($questionId);
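Review bot: The allowlist added at the top of actionEdit validates `$tabOverviewEditor` only at this one entry point, while the place where the value is written into the page lies outside the hunk and, judging by the commit subject, is where the XSS actually occurs. I would keep the check and also encode the value at that sink for its output context, e.g. `CHtml::encode($tabOverviewEditor)` in HTML or `json_encode($tabOverviewEditor)` inside a script block, so the fix does not depend on every caller going through this action. The accepted values are bare literals with no explanation; a comment such as `// Allowlist: this value is reflected into the edit page, anything else falls back to the default tab` and a class constant holding `['overview', 'editor']` would make it less likely that a later refactor drops the check. The body of actionEdit continues past the end of the hunk, so how the `null` fallback is handled further down cannot be confirmed from here.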