Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix low severity stored XSS in group name.
  • Loading branch information
Ahmad Gneady committed Jul 3, 2021
1 parent 6c3dbf5 commit d339275
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions app/admin/getUsers.php
Expand Up @@ -56,6 +56,7 @@
}
$res = sql("select u.memberID, g.name from membership_users u left join membership_groups g on u.groupID=g.groupID left join membership_grouppermissions p on g.groupID=p.groupID and p.tableName='{$table_name}' where {$where} order by g.name, u.memberID limit {$skip}, {$results_per_page}", $eo);
while($row = db_fetch_row($res)) {
$row = array_map('strip_tags', $row);
$prepared_data[] = array('id' => to_utf8($row[0]), 'text' => to_utf8("<b>{$row[1]}</b>/{$row[0]}"));
}

Expand Down
2 changes: 1 addition & 1 deletion app/ajax_admin_tools.php
Expand Up @@ -209,7 +209,7 @@ public function get_record_info() {
$rec_info['dateAdded'] = date($admin_config['PHPDateTimeFormat'], $rec_info['dateAdded']);
$rec_info['dateUpdated'] = date($admin_config['PHPDateTimeFormat'], $rec_info['dateUpdated']);

return @json_encode($rec_info);
return @json_encode(array_map('strip_tags', $rec_info));
}

/**
Expand Down

0 comments on commit d339275

Please sign in to comment.