Sophie: glpi-9.1.6-2.2.mga6 src

glpi-9.1.6-2.2.mga6.src.rpm

Info
Deps
Files
Scripts
ChangeLog
Location
Others versions
Analyse

From 152b8b63200eaf07546a289448bd6fa1c8ff2b17 Mon Sep 17 00:00:00 2001
From: Johan Cwiklinski <jcwiklinski@teclib.com>
Date: Thu, 1 Mar 2018 09:26:04 +0100
Subject: [PATCH] Escape get keys to prevent possible xss

---
 inc/html.class.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/inc/html.class.php b/inc/html.class.php
index a985db5250..bcf1ab4c0c 100644
--- a/inc/html.class.php
+++ b/inc/html.class.php
@@ -4096,6 +4096,7 @@ static function printCleanArray($tab, $pad=0,$jsexpand=false) {
          echo "<tr><th>KEY</th><th>=></th><th>VALUE</th></tr>";
 
          foreach ($tab as $key => $val) {
+            $key = Toolbox::clean_cross_side_scripting_deep($key);
             echo "<tr class='tab_bg_1'><td class='top right'>";
             echo $key;
             $is_array = is_array($val);