Merge pull request from GHSA-5hg4-r64r-rf83

glpi-project · Jan 27, 2022 · 5c3eee6 · 5c3eee6
1 parent 19f13d2
commit 5c3eee6
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/front/entity.form.php b/front/entity.form.php
@@ -41,7 +41,8 @@
 }
 
 if (array_key_exists('custom_css_code', $_POST)) {
-   $_POST['custom_css_code'] = $_UPOST['custom_css_code'];
+   // Prevent sanitize process to alter '<', '>' and '&' chars.
+   $_POST['custom_css_code'] = $DB->escape($_UPOST['custom_css_code']);
 }
 
 include (GLPI_ROOT . "/front/dropdown.common.form.php");