From 298eb4b1a94c5898fde5a21e412955fc77a3ef93 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Gomez <neorazorx@gmail.com>
Date: Thu, 28 Apr 2022 11:05:55 +0200
Subject: [PATCH] =?UTF-8?q?Sanitized=20the=20data=20read=20from=20the=20in?=
 =?UTF-8?q?put=20by=20the=20debug=20bar=20to=20avoid=20security=20problems?=
 =?UTF-8?q?.=20------=20Saneados=20los=20datos=20le=C3=ADdos=20del=20input?=
 =?UTF-8?q?=20por=20la=20barra=20de=20debug=20para=20evitar=20problemas=20?=
 =?UTF-8?q?de=20seguridad.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Core/Base/Debug/DebugBar.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Core/Base/Debug/DebugBar.php b/Core/Base/Debug/DebugBar.php
index 0adb45c971..0762518def 100644
--- a/Core/Base/Debug/DebugBar.php
+++ b/Core/Base/Debug/DebugBar.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * This file is part of FacturaScripts
- * Copyright (C) 2019-2021 Carlos Garcia Gomez <carlos@facturascripts.com>
+ * Copyright (C) 2019-2022 Carlos Garcia Gomez <carlos@facturascripts.com>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as
@@ -127,7 +127,7 @@ private function addItemInputs(array &$items)
             $label = '<i class="fas fa-keyboard"></i> ' . $type;
             $data = [];
             foreach ($rows as $key => $value) {
-                $data[] = [$key, $value];
+                $data[] = [htmlspecialchars($key), htmlspecialchars($value)];
             }
 
             $this->addItem($items, $label, $data, true);