Merge remote-tracking branch 'kevin/issue/xss-agent-directory' into features_prs/develop-next

* kevin/issue/xss-agent-directory: xss: Prevent Agent Directory XSS

Merge remote-tracking branch 'kevin/issue/xss-agent-directory' into features_prs/develop-next
* kevin/issue/xss-agent-directory: xss: Prevent Agent Directory XSS
134bb2de · aydreeihn · 74b7c6fb · 36651b91 · 134bb2de
Commit 134bb2de authored 7 years ago by aydreeihn
--- a/include/staff/directory.inc.php
+++ b/include/staff/directory.inc.php
@@ -5,6 +5,10 @@ $qs = array();
 $agents = Staff::objects()
    ->select_related('dept');

+// Sanitize 'order' param To Escape XSS
+if ($_REQUEST['order'])
+    $_REQUEST['order'] = Format::sanitize($_REQUEST['order']);
+
 if($_REQUEST['q']) {
    $searchTerm=$_REQUEST['q'];
    if($searchTerm){