fix xss on module api call in value parameters

microweber · Jan 19, 2022 · fc7e1a0 · fc7e1a0
1 parent 6e9fcaa
commit fc7e1a0
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/MicroweberPackages/App/Http/Controllers/ApiController.php b/src/MicroweberPackages/App/Http/Controllers/ApiController.php
@@ -17,9 +17,6 @@
 class ApiController  extends FrontendController
 {
 
-
-
-
     public function api_html()
     {
         if (!defined('MW_API_HTML_OUTPUT')) {
@@ -609,12 +606,14 @@ public function module()
 
         $request_data = array_merge($_GET, $_POST);
 
-
         // sanitize attributes
         if($request_data){
             $request_data_new = [];
             $antixss = new AntiXSS();
             foreach ($request_data as $k=>$v){
+
+                $v = $antixss->xss_clean($v);
+
                 if(is_string($k)){
                     $k = $antixss->xss_clean($k);
                     if($k){
@@ -623,6 +622,7 @@ public function module()
                 } else {
                     $request_data_new[$k] = $v;
                 }
+
             }
             $request_data = $request_data_new;
         }