[jan] SECURITY: Fix XSS vulnerability with form sections.

horde · Jul 4, 2017 · 9e8cf9f · 9e8cf9f
1 parent b9d1377
commit 9e8cf9f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/framework/Form/lib/Horde/Form/Renderer.php b/framework/Form/lib/Horde/Form/Renderer.php
@@ -147,7 +147,7 @@ function _renderSectionTabs(&$form)
         $page->addInlineScript(
             sprintf('var sections_%1$s = new Horde_Form_Sections(\'%1$s\', \'%2$s\');',
                     $form->getName(),
-                    addslashes($open_section)));
+                    rawurlencode($open_section)));
 
         /* Loop through the sections and print out a tab for each. */
         echo "<div class=\"tabset\"><ul>\n";

diff --git a/framework/Form/package.xml b/framework/Form/package.xml
@@ -27,7 +27,7 @@
  </stability>
  <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
  <notes>
-* 
+* [jan] SECURITY: Fix XSS vulnerability with form sections.
  </notes>
  <contents>
   <dir baseinstalldir="/" name="/">
@@ -1017,7 +1017,7 @@ Converted to package.xml 2.0 for pear.horde.org
    <date>2017-04-03</date>
    <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
    <notes>
-* 
+* [jan] SECURITY: Fix XSS vulnerability with form sections.
    </notes>
   </release>
  </changelog>