What we don't want is for the browser to act on what are real HTML tags. The `htmlentities()` takes care of that - replacing the tag `<script>` with the string `&lt;script&gt;` which displays as `<script>`, and the string `A<=B or C>D` with `A&lt;=B or C&gt;D` which would otherwise show as `AD`.
Near line 198, the `$message` is first given to PHP's `strip_tags()` function. Suggest relying only on PHP's `htmlentities()` function.

Same for near line 243 in the `display()` function.

See #657.
This was found when examining the debug section looking for a query created in dashboard.index.inc.php, near line 290, where the character sequence `<=` causes the remainder of the displayed query to be truncated.
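
The difference between the two approaches discussed in this issue, as an added example that is not the project's own code: it assumes the debug message is passed through `strip_tags()` and then `htmlentities()`, and compares that with escaping alone. The function names and the sample query are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from the project.

// Behaviour described in the issue: strip_tags() runs before escaping.
// strip_tags() treats "<" followed by a non-space character as the start
// of a tag and discards text up to the next ">" (or to the end of input).
function debug_html_stripped(string $message): string
{
    return htmlentities(strip_tags($message), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Suggested behaviour: escape only, so every character is shown literally
// and nothing in the message can be interpreted as markup.
function debug_html_escaped(string $message): string
{
    return htmlentities($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when decoding the generated HTML gives back exactly the original
// message, i.e. nothing was dropped from what the browser will display.
function displays_unchanged(string $html, string $message): bool
{
    return html_entity_decode($html, ENT_QUOTES, 'UTF-8') === $message;
}

// Sample messages: the first is a constructed query, the other two are the
// strings used in the discussion above.
$samples = [
    "SELECT id FROM hosts WHERE last_seen <= '2020-01-01' ORDER BY id",
    "A<=B or C>D",
    "<script>",
];

foreach ($samples as $message) {
    foreach (['debug_html_stripped', 'debug_html_escaped'] as $render) {
        $html = $render($message);
        $state = displays_unchanged($html, $message) ? 'intact' : 'ALTERED';
        printf("%-20s %-8s %s\n", $render, $state, $html);
    }
    echo "\n";
}
```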