From fd5315d64087625bc5f5f1fb70c2f8eeacfd8fef Mon Sep 17 00:00:00 2001
From: CauseFX
Date: Sat, 9 Apr 2022 20:28:14 -0700
Subject: [PATCH] added sanitize tab name on add and edit
---
 api/classes/organizr.class.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/api/classes/organizr.class.php b/api/classes/organizr.class.php
index 124e5c3d2..e5d70860a 100644
--- a/api/classes/organizr.class.php
+++ b/api/classes/organizr.class.php
@@ -4873,6 +4873,7 @@ public function addTab($array)
 $array['type'] = ($array['type']) ?? 1;
 $array['order'] = ($array['order']) ?? $this->getNextTabOrder() + 1;
 if (array_key_exists('name', $array)) {
+ $array['name'] = filter_var($array['name'], FILTER_SANITIZE_STRING);
 if ($this->isTabNameTaken($array['name'])) {
 $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409);
 return false;
@@ -4922,6 +4923,7 @@ public function updateTab($id, $array)
 return false;
 }
 if (array_key_exists('name', $array)) {
+ $array['name'] = filter_var($array['name'], FILTER_SANITIZE_STRING);
 if ($this->isTabNameTaken($array['name'], $id)) {
 $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409);
 return false;
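Review bot: The result of the added `filter_var($array['name'], FILTER_SANITIZE_STRING)` in addTab, and of the identical line in the updateTab hunk, is used unchecked. filter_var returns `false` for a non-scalar value and an empty string when the name is nothing but markup, and either value then reaches isTabNameTaken() and, presumably, the write further down. A guard directly after the assignment would stop that, for example `if (!is_string($array['name']) || trim($array['name']) === '') { $this->setAPIResponse('error', 'Tab name is invalid', 422); return false; }`, with the status code adjusted to the API's convention. FILTER_SANITIZE_STRING is also deprecated as of PHP 8.1 and only strips tags and encodes quotes, so it should not be the sole control: the code that renders tab names is outside this diff and should encode on output, e.g. `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Both function bodies start and end outside their hunks, so any later normalisation of the name is not visible here.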