Merge pull request #2263 from magento-chaika/MAGETWO-70939

Fixed issues: - MAGETWO-70939: Reflected XSS in admin Reports
magento · Mar 24, 2018 · fe17868 · fe17868
2 parents c5f460e + bff051c
commit fe17868
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/app/code/Magento/Reports/view/adminhtml/templates/grid.phtml b/app/code/Magento/Reports/view/adminhtml/templates/grid.phtml
@@ -31,7 +31,7 @@ $numColumns = sizeof($block->getColumns());
                                        type="text"
                                        id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_from') ?>"
                                        name="report_from"
-                                       value="<?= /* @escapeNotVerified */ $block->getFilter('report_from') ?>">
+                                       value="<?= $block->escapeHtml($block->getFilter('report_from')) ?>">
                                 <span id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_from_advice') ?>"></span>
                             </span>
 
@@ -44,7 +44,7 @@ $numColumns = sizeof($block->getColumns());
                                        type="text"
                                        id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_to') ?>"
                                        name="report_to"
-                                       value="<?= /* @escapeNotVerified */ $block->getFilter('report_to') ?>"/>
+                                       value="<?= $block->escapeHtml($block->getFilter('report_to')) ?>"/>
                                 <span id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_to_advice') ?>"></span>
                             </span>