[security] Fixed issue #12270: XSS Vulnerability (#682)

LimeSurvey · Apr 18, 2017 · faf3f18 · faf3f18
1 parent a18bb1c
commit faf3f18
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/application/helpers/qanda_helper.php b/application/helpers/qanda_helper.php
@@ -3200,6 +3200,7 @@ function do_numerical($ia)
         $fValue = rtrim(rtrim($fValue,"0"),".");
     }
     $fValue = str_replace('.',$sSeparator,$fValue);
+    $fValue = htmlspecialchars($fValue);
 
     if ($thissurvey['nokeyboard']=='Y')
     {