From 90f00d1af623f09c7472692d21d1bba28dda0332 Mon Sep 17 00:00:00 2001
From: Partydragen
Date: Fri, 8 Mar 2024 21:58:50 +0100
Subject: [PATCH] Sanitise get params
---
 custom/panel_templates/Default/template.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/custom/panel_templates/Default/template.php b/custom/panel_templates/Default/template.php
index d9e0abf9cf..1832da61ed 100644
--- a/custom/panel_templates/Default/template.php
+++ b/custom/panel_templates/Default/template.php
@@ -306,19 +306,19 @@ public function onPageLoad() {
 $url_parameters = [];
 if (isset($_GET['group'])) {
- $url_parameters[] = 'group=' . $_GET['group'];
+ $url_parameters[] = 'group=' . Output::getClean($_GET['group']);
 }
 if (isset($_GET['integration'])) {
- $url_parameters[] = 'integration=' . $_GET['integration'];
+ $url_parameters[] = 'integration=' . Output::getClean($_GET['integration']);
 }
 if (isset($_GET['banned'])) {
- $url_parameters[] = 'banned=' . $_GET['banned'];
+ $url_parameters[] = 'banned=' . Output::getClean($_GET['banned']);
 }
 if (isset($_GET['active'])) {
- $url_parameters[] = 'active=' . $_GET['active'];
+ $url_parameters[] = 'active=' . Output::getClean($_GET['active']);
 }
 $this->addJSScript('
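Review bot: The encoding applied on the four added lines does not match the context the values land in. `Output::getClean()` is not shown here but reads like an HTML-entity escaper, while the values are concatenated into query-string pairs and `$url_parameters` then appears to feed the `addJSScript('` call that follows. For the query-string layer, percent-encode and reject non-string input, e.g. `if (isset($_GET['group']) && is_string($_GET['group']))` with `$url_parameters[] = 'group=' . rawurlencode($_GET['group']);`, and likewise for `integration`, `banned` and `active`. Where the joined string is written into the script body, which lies outside this hunk, it should additionally be encoded for a JavaScript string context (for example via `json_encode`) rather than relying on entity escaping. If these filters only ever carry ids or 0/1 flags, which is an assumption to confirm against the consumer, validating them against that shape would be stricter than any escaping.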