Merge pull request from GHSA-pjpc-87mp-4332

* sanitise user agent before displaying * Update app/bundles/EmailBundle/Views/SubscribedEvents/Timeline/index.html.php Co-authored-by: John Linhart <admin@escope.cz> * removed obsolete use statement Co-authored-by: John Linhart <admin@escope.cz>
mautic · May 23, 2022 · 462eb59 · 462eb59
1 parent d1518c2
commit 462eb59
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/app/bundles/EmailBundle/Views/SubscribedEvents/Timeline/index.html.php b/app/bundles/EmailBundle/Views/SubscribedEvents/Timeline/index.html.php
@@ -8,6 +8,7 @@
  *
  * @license     GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
  */
+
 if ($item = ((isset($event['extra'])) ? $event['extra']['stat'] : false)): ?>
     <p>
         <?php if (!empty($item['isFailed'])) : ?>
@@ -63,7 +64,7 @@
             endif;
             ?>
             <?php if ($counter > 1): ?><hr/><?php endif; ?>
-            <strong><?php echo $view['date']->toText($detail['datetime'], 'UTC'); ?></strong><br/><?php echo $detail['useragent']; ?>
+            <strong><?php echo $view['date']->toText($detail['datetime'], 'UTC'); ?></strong><br/><?php echo $view->escape($detail['useragent']); ?>
             <?php ++$counter; ?>
         <?php endforeach; ?>
         <?php