xss: SLA Name

This mitigates an issue discovered by Gais Cyber Security where the SLA Name can be exploited via XSS to execute code. This sanitizes the content for `create()` and `update()` with `Format::htmlchars()` so we are safe from any XSS attempts.
osTicket · Apr 28, 2020 · fc4c860 · fc4c860
1 parent de41aeb
commit fc4c860
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/include/class.sla.php b/include/class.sla.php
@@ -106,7 +106,7 @@ static function getVarScope() {
     }
 
     function update($vars, &$errors) {
-
+        $vars = Format::htmlchars($vars);
         if (!$vars['grace_period'])
             $errors['grace_period'] = __('Grace period required');
         elseif (!is_numeric($vars['grace_period']))
@@ -208,6 +208,7 @@ static function getIdByName($name) {
     }
 
     static function create($vars=false, &$errors=array()) {
+        $vars = Format::htmlchars($vars);
         $sla = new static($vars);
         $sla->created = SqlFunction::NOW();
         return $sla;