From be345e5f6ea6baf40b661888cfceca3e78086e62 Mon Sep 17 00:00:00 2001
From: Ahmad Gneady <support@bigprof.com>
Date: Sun, 11 Jul 2021 02:12:45 +0200
Subject: [PATCH] Fix low severity stored xss in signup page.

---
 app/membership_signup.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/membership_signup.php b/app/membership_signup.php
index e85b3f5..0a96282 100644
--- a/app/membership_signup.php
+++ b/app/membership_signup.php
@@ -152,8 +152,8 @@
 									if($adminConfig['custom'.$cf] != '') {
 										?>
 										<div class="row form-group">
-										   <div class="col-sm-3"><label class="control-label" for="custom<?php echo $cf; ?>"><?php echo $adminConfig['custom'.$cf]; ?></label></div>
-										   <div class="col-sm-9"><input class="form-control" type="text" placeholder="<?php echo $adminConfig['custom'.$cf]; ?>" id="custom<?php echo $cf; ?>" name="custom<?php echo $cf; ?>"></div>
+										   <div class="col-sm-3"><label class="control-label" for="custom<?php echo $cf; ?>"><?php echo htmlspecialchars($adminConfig['custom'.$cf]); ?></label></div>
+										   <div class="col-sm-9"><input class="form-control" type="text" placeholder="<?php echo htmlspecialchars($adminConfig['custom'.$cf]); ?>" id="custom<?php echo $cf; ?>" name="custom<?php echo $cf; ?>"></div>
 										</div>
 										<?php
 									}