From 33b6a132b4a60935ed3c9a2c47c14fff139268dc Mon Sep 17 00:00:00 2001
From: Sergey Shvets <sshvets@magento.com>
Date: Tue, 13 Mar 2018 09:43:15 +0200
Subject: [PATCH] MAGETWO-70939: Reflected XSS in admin Reports

---
 app/code/Magento/Reports/view/adminhtml/templates/grid.phtml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/code/Magento/Reports/view/adminhtml/templates/grid.phtml b/app/code/Magento/Reports/view/adminhtml/templates/grid.phtml
index cb267ce29dd34..00766acac16fd 100644
--- a/app/code/Magento/Reports/view/adminhtml/templates/grid.phtml
+++ b/app/code/Magento/Reports/view/adminhtml/templates/grid.phtml
@@ -31,7 +31,7 @@ $numColumns = sizeof($block->getColumns());
                                        type="text"
                                        id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_from') ?>"
                                        name="report_from"
-                                       value="<?= /* @escapeNotVerified */ $block->getFilter('report_from') ?>">
+                                       value="<?= $block->escapeHtml($block->getFilter('report_from')) ?>">
                                 <span id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_from_advice') ?>"></span>
                             </span>
 
@@ -44,7 +44,7 @@ $numColumns = sizeof($block->getColumns());
                                        type="text"
                                        id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_to') ?>"
                                        name="report_to"
-                                       value="<?= /* @escapeNotVerified */ $block->getFilter('report_to') ?>"/>
+                                       value="<?= $block->escapeHtml($block->getFilter('report_to')) ?>"/>
                                 <span id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_to_advice') ?>"></span>
                             </span>