From 135717a9a05c5bf8921f1389cbb469dcbf300bfd Mon Sep 17 00:00:00 2001
From: PipoCanaja <38363551+PipoCanaja@users.noreply.github.com>
Date: Sun, 13 Feb 2022 11:00:56 +0100
Subject: [PATCH] security - XSS Fix 01

fixing https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177/ (#13775)
---
 includes/html/forms/alert-transports.inc.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/includes/html/forms/alert-transports.inc.php b/includes/html/forms/alert-transports.inc.php
index 9675e9fc4cf2..21190036f3b0 100644
--- a/includes/html/forms/alert-transports.inc.php
+++ b/includes/html/forms/alert-transports.inc.php
@@ -34,10 +34,10 @@
 $status = 'ok';
 $message = '';
 
-$transport_id = $vars['transport_id'];
-$name = $vars['name'];
+$transport_id = strip_tags($vars['transport_id']);
+$name = strip_tags($vars['name']);
 $is_default = (int) (isset($vars['is_default']) && $vars['is_default'] == 'on');
-$transport_type = $vars['transport-type'];
+$transport_type = strip_tags($vars['transport-type']);
 
 if (empty($name)) {
     $status = 'error';