Fix low severity stored XSS in admin/pageEditMember.php and `admin/…

…pageEditMemberPermissions.php`
bigprof-software · Jul 3, 2021 · 6c3dbf5 · 6c3dbf5
1 parent 217a7b2
commit 6c3dbf5
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/app/admin/pageEditMember.php b/app/admin/pageEditMember.php
@@ -139,7 +139,7 @@
 	} elseif($_GET['groupID'] != '') {
 		// show the form for adding a new member, and pre-select the provided group
 		$groupID = intval($_GET['groupID']);
-		$group_name = sqlValue("select name from membership_groups where groupID='$groupID'");
+		$group_name = strip_tags(sqlValue("select name from membership_groups where groupID='$groupID'"));
 		if($group_name)
 			$addend = " to '{$group_name}'";
 	}

diff --git a/app/admin/pageEditMemberPermissions.php b/app/admin/pageEditMemberPermissions.php
@@ -19,7 +19,7 @@
 	$anonGroupID = sqlValue("select groupID from membership_groups where lcase(name)='" . strtolower(makeSafe($anonymousGroup)) . "'");
 	$adminGroupID = sqlValue("select groupID from membership_groups where name='Admins'");
 	$groupID = sqlValue("select groupID from membership_users where lcase(memberID)='{$memberID->sql}'");
-	$group = sqlValue("select name from membership_groups where groupID='{$groupID}'");
+	$group = strip_tags(sqlValue("select name from membership_groups where groupID='{$groupID}'"));
 	if($groupID == $anonGroupID || $memberID->raw == $anonymousMember || !$groupID || $groupID == $adminGroupID || $memberID->raw == $adminConfig['adminUsername']) {
 		// error in request. redirect to members page.
 		redirect('admin/pageViewMembers.php');