From 7167fbd8a2af4348a54a2349dd468d658e9f0c36 Mon Sep 17 00:00:00 2001
From: Ahmad Gneady <support@bigprof.com>
Date: Thu, 1 Jul 2021 20:43:00 +0200
Subject: [PATCH] Fix low severity stored XSS vulnerability in
 `membership_profile.php`

---
 app/membership_profile.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/membership_profile.php b/app/membership_profile.php
index 67ff3ba..81d1bcc 100644
--- a/app/membership_profile.php
+++ b/app/membership_profile.php
@@ -133,13 +133,13 @@
 					<fieldset id="profile">
 						<div class="form-group">
 							<label for="email"><?php echo $Translation['email']; ?></label>
-							<input type="email" id="email" name="email" value="<?php echo $mi['email']; ?>" class="form-control">
+							<input type="email" id="email" name="email" value="<?php echo html_attr($mi['email']); ?>" class="form-control">
 						</div>
 
 						<?php for($i=1; $i<5; $i++) { ?>
 							<div class="form-group">
 								<label for="custom<?php echo $i; ?>"><?php echo $adminConfig['custom'.$i]; ?></label>
-								<input type="text" id="custom<?php echo $i; ?>" name="custom<?php echo $i; ?>" value="<?php echo $mi['custom'][$i-1]; ?>" class="form-control">
+								<input type="text" id="custom<?php echo $i; ?>" name="custom<?php echo $i; ?>" value="<?php echo html_attr($mi['custom'][$i-1]); ?>" class="form-control">
 							</div>
 						<?php } ?>