From 36651b9139498bedde574be6dd2a6eaada50b8b0 Mon Sep 17 00:00:00 2001
From: JediKev <kevin@enhancesoft.com>
Date: Mon, 12 Feb 2018 16:12:11 -0600
Subject: [PATCH] xss: Prevent Agent Directory XSS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This addresses a vulnerability where an Agent can perform XSS via the
Agent Directory’s REQUEST query string. This sanitizes the request params
so that any injected markup is escaped rather than executed in the browser.
---
 include/staff/directory.inc.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/staff/directory.inc.php b/include/staff/directory.inc.php
index 9eb4926dd..a604acc18 100644
--- a/include/staff/directory.inc.php
+++ b/include/staff/directory.inc.php
@@ -5,6 +5,10 @@ $qs = array();
 $agents = Staff::objects()
     ->select_related('dept');
 
+// Sanitize 'order' param To Escape XSS
+if ($_REQUEST['order'])
+    $_REQUEST['order'] = Format::sanitize($_REQUEST['order']);
+
 if($_REQUEST['q']) {
     $searchTerm=$_REQUEST['q'];
     if($searchTerm){
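Review bot: `if ($_REQUEST['order'])` reads the key unconditionally, so any request without an order parameter raises an undefined-index notice on the added line; `if (!empty($_REQUEST['order']))` keeps the intended truthiness check without the notice. Rewriting the value in place in `$_REQUEST` also only protects the contexts where `Format::sanitize` output is safe, and the place where `order` is later consumed is outside this hunk, so I cannot confirm that here; if it is echoed into a link or used as a sort column, escaping with `htmlspecialchars()` at the output point and validating against the known column names would be the more robust fix. The adjacent `$_REQUEST['q']` is left untouched by this change, so it is worth checking whether that value is echoed back to the page the same way. The surrounding code is file-level script, not a function.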
-- 
GitLab