Fix Stored XSS security issue: escape textarea HTML

francoisjacquet · May 7, 2022 · 069e30a · 069e30a
1 parent d6e4dae
commit 069e30a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,6 +1,10 @@
 # CHANGES
 ## RosarioSIS Student Information System
 
+Changes in 8.9.6
+----------------
+- Fix Stored XSS security issue: escape textarea HTML in Inputs.php, thanks to @jo125ker
+
 Changes in 8.9.5
 ----------------
 - Fix stored XSS security issue: do not allow unsanitized XML & HTML in FileUpload.fnc.php, thanks to @nhienit2010

diff --git a/functions/Inputs.php b/functions/Inputs.php
@@ -422,7 +422,9 @@ function TextAreaInput( $value, $name, $title = '', $extra = '', $div = true, $t
 
 	$textarea =  ( $type === 'markdown' ? MarkDownInputPreview( $id ) : '' ) .
 		'<textarea id="' . $id . '" name="' . $name . '" ' . $extra . '>' .
-		$value . '</textarea>' . ( $type === 'tinymce' ? $ftitle_nobr : $ftitle );
+		// Fix Stored XSS security issue: escape textarea HTML.
+		htmlspecialchars( (string) $value ) .
+		'</textarea>' . ( $type === 'tinymce' ? $ftitle_nobr : $ftitle );
 
 	if ( $value == ''
 		|| ! $div )