Security: Protect agenda events using Security::remove_XSS
jmontoyaa committed Oct 8, 2018
1 parent b9b48e4 commit 39b3162698455246dbfe791b2f9415c629f52120
Showing with 22 additions and 0 deletions.
  1. +22 −0 main/inc/lib/agenda.lib.php
@@ -1319,6 +1319,8 @@ public function getEvents(
break;
}

$this->cleanEvents();

switch ($format) {
case 'json':
if (empty($this->events)) {
@@ -1337,6 +1339,26 @@ public function getEvents(
}
}

/**
* Clean events
*
* @return bool
*/
public function cleanEvents()
{
if (empty($this->events)) {

return false;
}

foreach ($this->events as &$event) {
$event['description'] = Security::remove_XSS($event['description']);
$event['title'] = Security::remove_XSS($event['title']);
}

return true;
}

/**
* @param int $id
* @param int $minute_delta
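Review bot: `cleanEvents()` filters only `title` and `description`, and only on the `getEvents()` path where the first hunk calls it, so any other user-supplied key in the event arrays, or any other reader of `$this->events`, would still see unfiltered values; the event shape is not visible here, so check which keys end up rendered as HTML. Both keys are read without a presence check, so an event that lacks one would raise an undefined-index notice; a per-key guard such as `if (isset($event['title'])) { ... }` avoids that. The by-reference loop should be followed by `unset($event);` so the reference does not outlive the loop if the method is extended later. The docblock could state what is filtered and that `false` only means there was nothing to clean, e.g. `Filters title and description of every loaded event through Security::remove_XSS; returns false when no events are loaded.`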
