From 152b8b63200eaf07546a289448bd6fa1c8ff2b17 Mon Sep 17 00:00:00 2001 From: Johan Cwiklinski <jcwiklinski@teclib.com> Date: Thu, 1 Mar 2018 09:26:04 +0100 Subject: [PATCH] Escape get keys to prevent possible xss --- inc/html.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/html.class.php b/inc/html.class.php index a985db5250..bcf1ab4c0c 100644 --- a/inc/html.class.php +++ b/inc/html.class.php @@ -4096,6 +4096,7 @@ static function printCleanArray($tab, $pad=0,$jsexpand=false) { echo "<tr><th>KEY</th><th>=></th><th>VALUE</th></tr>"; foreach ($tab as $key => $val) { + $key = Toolbox::clean_cross_side_scripting_deep($key); echo "<tr class='tab_bg_1'><td class='top right'>"; echo $key; $is_array = is_array($val);