

Escape external links URLs
cedric-anne authored and trasher committed Jan 24, 2023
1 parent 00fa21b commit 1e8157b
Showing 1 changed file with 4 additions and 4 deletions.
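--- a/inc/link.class.php
+++ b/inc/link.class.php
@@ -601,7 +601,7 @@ static function getAllLinksFor($item, $params = []) {
 foreach ($links as $key => $val) {
 $name = (isset($names[$key]) ? $names[$key] : reset($names));
 $url = $val;
-$newlink = "<a href='$url'";
+$newlink = '<a href="' . htmlspecialchars($url) . '"';
 if ($params['open_window']) {
 $newlink .= " target='_blank'";
 }
@@ -627,9 +627,9 @@ static function getAllLinksFor($item, $params = []) {
 $file = reset($files);
 }
 $url = $CFG_GLPI["root_doc"]."/front/link.send.php?lID=".$params['id'].
-"&amp;itemtype=".$item->getType().
-"&amp;id=".$item->getID()."&amp;rank=$key";
-$newlink = "<a href='$url' target='_blank'>";
+"&itemtype=".$item->getType().
+"&id=".$item->getID()."&rank=$key";
+$newlink = '<a href="' . htmlspecialchars($url) . '" target="_blank">';
 $linkname = sprintf(__('%1$s #%2$s'), $name, $i);
 $newlink .= sprintf(__('%1$s: %2$s'), $linkname, $val);
 $newlink .= "</a>";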
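Review bot: In the second hunk the `href` is now escaped, but the anchor text on the following lines still concatenates `$name` and `$val` through `sprintf(__('%1$s: %2$s'), $linkname, $val)` without escaping, so markup in either value would land in the element body unless it is sanitized before this point (not visible here). Consider `$newlink .= htmlspecialchars(sprintf(__('%1$s: %2$s'), $linkname, $val));`, provided the values are not already encoded upstream. In the first hunk, `htmlspecialchars($url)` prevents breaking out of the attribute but does not constrain the URL scheme of `$val`; if link targets are not validated elsewhere, a scheme allow-list check before building the anchor would close that gap. Passing the flags explicitly, e.g. `htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, would also keep the behaviour the same across PHP versions, since the default flags changed in PHP 8.1. `getAllLinksFor` begins and ends outside both hunks.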

0 comments on commit 1e8157b
