Fix reflected XSS vulnerability on the stats page

TracksApp · Jul 25, 2024 · c23ca05 · c23ca05
1 parent 0fc6695
commit c23ca05
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/app/views/stats/show_selection_from_chart.html.erb b/app/views/stats/show_selection_from_chart.html.erb
@@ -4,8 +4,8 @@
     unless @further
 -%>
 <%= raw t('stats.click_to_show_actions_from_week',
-      :link => link_to("here", show_actions_from_chart_path(:id=>"#{params[:id]}_end", :index => params[:index])),
-      :week => params[:index])
+      :link => link_to("here", show_actions_from_chart_path(:id=>"#{params[:id].to_i}_end", :index => params[:index].to_i)),
+      :week => params[:index].to_i)
 -%>
 <%
     end