Fix h1 report 1083231

revive-adserver · Jan 23, 2021 · e2a67ce · e2a67ce
1 parent 1a05c59
commit e2a67ce
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
@@ -23,7 +23,8 @@ What's New in Revive Adserver 5.1.1
  Security Updates
  ----------------
 
- * None
+ * Fixed reflected XSS vulnerability in userlog-index.php via the
+   period_preset parameter.
 
 
  New Features

diff --git a/lib/OA/Admin/UI/Field/AuditDaySpanField.php b/lib/OA/Admin/UI/Field/AuditDaySpanField.php
@@ -99,7 +99,7 @@ function {$this->_name}Reset()
         {
             document.getElementById('{$this->_name}_start').value = '$startDateStr';
             document.getElementById('{$this->_name}_start').value = '$endDateStr';
-            document.getElementById('{$this->_name}_preset').value = '{$this->_fieldSelectionValue}';
+            document.getElementById('{$this->_name}_preset').value = \"".addcslashes(stripslashes($this->_fieldSelectionValue), "\0..\37/\"\\")."\";
         }
         function {$this->_name}FormSubmit() {
             submitForm();