N°4362 - XSS in ajax.render.php?operation=wizard_helper on develop

Combodo · Oct 14, 2021 · 83125d9 · 83125d9
1 parent 20f4419
commit 83125d9
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/application/wizardhelper.class.inc.php b/application/wizardhelper.class.inc.php
@@ -350,8 +350,7 @@ public function GetReturnNotEditableFields()
 	 */
 	public function GetJsForUpdateFields()
 	{
-		$sWizardHelperJsVar = (!is_null($this->m_aData['m_sWizHelperJsVarName'])) ? utils::Sanitize($this->m_aData['m_sWizHelperJsVarName'], utils::ENUM_SANITIZATION_FILTER_PARAMETER) : 'oWizardHelper'.$this->GetFormPrefix();
-		//str_replace(['(', ')', ';'], '', $this->m_aData['m_sWizHelperJsVarName']) : 'oWizardHelper'.$this->GetFormPrefix();
+		$sWizardHelperJsVar = (!is_null($this->m_aData['m_sWizHelperJsVarName'])) ? utils::Sanitize($this->m_aData['m_sWizHelperJsVarName'], '', utils::ENUM_SANITIZATION_FILTER_PARAMETER) : 'oWizardHelper'.$this->GetFormPrefix();
 		$sWizardHelperJson = $this->ToJSON();
 
 		return <<<JS