Commit 92e5a8f5 authored by Jared Hancock's avatar Jared Hancock

Fix XSS vulnerability in phone number field

parent 78ee98e3
...@@ -1017,12 +1017,13 @@ class PhoneNumberWidget extends Widget { ...@@ -1017,12 +1017,13 @@ class PhoneNumberWidget extends Widget {
list($phone, $ext) = explode("X", $this->value); list($phone, $ext) = explode("X", $this->value);
?> ?>
<input type="text" name="<?php echo $this->name; ?>" value="<?php <input type="text" name="<?php echo $this->name; ?>" value="<?php
echo $phone; ?>"/><?php echo Format::htmlchars($phone); ?>"/><?php
// Allow display of extension field even if disabled if the phone // Allow display of extension field even if disabled if the phone
// number being edited has an extension // number being edited has an extension
if ($ext || $config['ext']) { ?> Ext: if ($ext || $config['ext']) { ?> Ext:
<input type="text" name="<?php <input type="text" name="<?php
echo $this->name; ?>-ext" value="<?php echo $ext; ?>" size="5"/> echo $this->name; ?>-ext" value="<?php echo Format::htmlchars($ext);
?>" size="5"/>
<?php } <?php }
} }
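Review bot: `$this->name` is still echoed raw into the `name` attribute of both `<input>` tags, while only the two `value` attributes were wrapped in `Format::htmlchars()`. Whether the field name can be influenced through form configuration is not visible in this hunk, but encoding it the same way, `name="<?php echo Format::htmlchars($this->name); ?>"` (and the `-ext` variant), would keep every interpolation in this template output-encoded. The fix also depends on `Format::htmlchars()` escaping double quotes, since both values sit inside double-quoted attributes; its definition is outside this hunk, so that is worth confirming. Separately, `list($phone, $ext) = explode("X", $this->value);` leaves `$ext` unset when the value has no "X", so `explode("X", $this->value, 2) + array('', '')` or an equivalent default would avoid the notice. The enclosing method starts before the hunk.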