Fixed issue #8292: Minor XSS vulnerability in adminstration survey list

LimeSurvey · Oct 21, 2013 · ee4b502 · ee4b502
1 parent 6688320
commit ee4b502
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/controllers/admin/surveyadmin.php b/application/controllers/admin/surveyadmin.php
@@ -623,7 +623,7 @@ public function getSurveys_json()
             '<a href="' . $this->getController()->createUrl("/admin/survey/sa/view/surveyid/" . $rows['sid']) . '">' . $rows['sid'] . '</a>';
 
             //Set Title
-            $aSurveyEntry[] = '<!--' . $rows['surveyls_title'] . '--><a href="' . $this->getController()->createUrl("/admin/survey/sa/view/surveyid/" . $rows['sid']) . '" title="' . $rows['surveyls_title'] . '">' . $rows['surveyls_title'] . '</a>';
+            $aSurveyEntry[] = '<!--' . flattenText($rows['surveyls_title']) . '--><a href="' . $this->getController()->createUrl("/admin/survey/sa/view/surveyid/" . $rows['sid']) . '" title="' . flattenText($rows['surveyls_title'])  . '">' . flattenText($rows['surveyls_title'])  . '&nbsp;&nbsp;&nbsp;</a>';
 
             //Set Date
             Yii::import('application.libraries.Date_Time_Converter', true);