Skip to content
Permalink
Browse files

Security: Fix suspected XSS vulnerability in tickets

  • Loading branch information...
ywarnier committed Dec 21, 2018
1 parent 87769b3 commit bec1fd1681fc1edf21e697a3b561897f7a3ea9f5
Showing with 3 additions and 3 deletions.
  1. +2 −2 main/inc/lib/TicketManager.php
  2. +1 −1 main/ticket/new_ticket.php
@@ -457,11 +457,11 @@ public static function add(
</tr>
<tr>
<td width="100px"><b>'.get_lang('Title').'</b></td>
<td width="400px">'.$subject.'</td>
<td width="400px">'.Security::remove_XSS($subject).'</td>
</tr>
<tr>
<td width="100px"><b>'.get_lang('Description').'</b></td>
<td width="400px">'.$content.'</td>
<td width="400px">'.Security::remove_XSS($content).'</td>
</tr>
</table>';
@@ -146,7 +146,7 @@ function js_array($array, $name, $key)
function save_ticket()
{
$content = $_POST['content'];
if ($_POST['phone'] != '') {
if (!empty($_POST['phone'])) {
$content .= '<p style="color:red">&nbsp;'.get_lang('Phone').': '.$_POST['phone'].'</p>';
}
$course_id = isset($_POST['course_id']) ? (int) $_POST['course_id'] : '';

0 comments on commit bec1fd1

Please sign in to comment.
You can’t perform that action at this time.