sec(RelatedList) XSS in link parameters

tsolucio · Sep 1, 2022 · 7cd68a3 · 7cd68a3
1 parent 56afdbf
commit 7cd68a3
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/include/utils/ListViewUtils.php b/include/utils/ListViewUtils.php
@@ -168,11 +168,11 @@ function getListViewHeader($focus, $module, $sort_qry = '', $sorder = '', $order
 						if ($relatedlist != '' && $relatedlist != 'global') {
 							$relationURL = '';
 							if (!empty($_REQUEST['relation_id'])) {
-								$relationURL = '&relation_id=' . vtlib_purify($_REQUEST['relation_id']);
+								$relationURL = '&relation_id=' . filter_var($_REQUEST['relation_id'], FILTER_SANITIZE_NUMBER_INT);
 							}
 							$actionsURL = '';
 							if (!empty($_REQUEST['actions'])) {
-								$actionsURL = '&actions=' . vtlib_purify($_REQUEST['actions']);
+								$actionsURL = '&actions=' . urlencode(vtlib_purify($_REQUEST['actions']));
 							}
 							if (empty($_REQUEST['header'])) {
 								$moduleLabel = $module;