Permalink
Browse files

Security: Protect agenda events using Security::remove_XSS

  • Loading branch information...
jmontoyaa committed Oct 8, 2018
1 parent b9b48e4 commit 39b3162698455246dbfe791b2f9415c629f52120
Showing with 22 additions and 0 deletions.
  1. +22 −0 main/inc/lib/agenda.lib.php
@@ -1319,6 +1319,8 @@ public function getEvents(
break;
}
$this->cleanEvents();
switch ($format) {
case 'json':
if (empty($this->events)) {
@@ -1337,6 +1339,26 @@ public function getEvents(
}
}
/**
* Clean events
*
* @return bool
*/
public function cleanEvents()
{
if (empty($this->events)) {
return false;
}
foreach ($this->events as &$event) {
$event['description'] = Security::remove_XSS($event['description']);
$event['title'] = Security::remove_XSS($event['title']);
}
return true;
}
/**
* @param int $id
* @param int $minute_delta

0 comments on commit 39b3162

Please sign in to comment.