Escape external links URLs
orthagh authored and trasher committed Jan 24, 2023
1 parent 5319b38 commit 7b3704c
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/Link.php
Expand Up @@ -665,7 +665,7 @@ public static function getAllLinksFor($item, $params = [])
foreach ($links as $key => $val) {
$name = (isset($names[$key]) ? $names[$key] : reset($names));
$url = $val;
$newlink = "<a href='$url'";
$newlink = '<a href="' . htmlspecialchars($url) . '"';
if ($params['open_window']) {
$newlink .= " target='_blank'";
}
Expand All @@ -691,9 +691,9 @@ public static function getAllLinksFor($item, $params = [])
$file = reset($files);
}
$url = $CFG_GLPI["root_doc"] . "/front/link.send.php?lID=" . $params['id'] .
"&amp;itemtype=" . $item->getType() .
"&amp;id=" . $item->getID() . "&amp;rank=$key";
$newlink = "<a href='$url' target='_blank'>";
"&itemtype=" . $item->getType() .
"&id=" . $item->getID() . "&rank=$key";
$newlink = '<a href="' . htmlspecialchars($url) . '" target="_blank">';
$newlink .= "<i class='fa-lg fa-fw fas fa-link'></i>&nbsp;";
$linkname = sprintf(__('%1$s #%2$s'), $name, $i);
$newlink .= sprintf(__('%1$s: %2$s'), $linkname, $val);
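Review bot: The link label on the last visible line of the second hunk still writes `$name` and `$val` into the markup unescaped, even though the same `$val` is now treated as untrusted when it is placed in `href`. Unless these values are already encoded upstream (not visible here), the label should be escaped as well, e.g. `$newlink .= htmlspecialchars(sprintf(__('%1$s: %2$s'), $linkname, $val));`. Separately, `htmlspecialchars($url)` in both hunks only prevents breaking out of the attribute and does not restrict the URL scheme, so the first hunk, where `$url = $val`, would benefit from an allowlist of schemes (http/https and whatever else the feature needs) before the `href` is built. The query string in the second hunk is assembled by plain concatenation, and `rawurlencode()` on `$item->getType()` and `$key` would keep the parameters well-formed. `getAllLinksFor` begins and ends outside these hunks.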

1 comment on commit 7b3704c

@grigribou

Hi,

I reported this issue: #14062

Reverted changes on my local install and OK
