From bcd58e885461bd97357d20efcd752135f3f4af2a Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Thu, 14 Sep 2017 05:16:52 +0000
Subject: [PATCH] Form data XSS Encode html entities of cached form data
---
 include/ajax.forms.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/ajax.forms.php b/include/ajax.forms.php
index 77b4638bf..70c57e15b 100644
--- a/include/ajax.forms.php
+++ b/include/ajax.forms.php
@@ -21,7 +21,8 @@ class DynamicFormsAjaxAPI extends AjaxController {
 if ($_GET || isset($_SESSION[':form-data'])) {
 if (!is_array($_SESSION[':form-data']))
 $_SESSION[':form-data'] = array();
- $_SESSION[':form-data'] = array_merge($_SESSION[':form-data'], $_GET);
+ $_SESSION[':form-data'] = array_merge($_SESSION[':form-data'],
+ Format::htmlchars($_GET));
 }
 
 foreach ($topic->getForms() as $form) {
-- 
GitLab
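Review bot: Encoding happens at the point of storage in the `array_merge` call, so only values that arrive through `$_GET` on this path are covered; entries already in `$_SESSION[':form-data']`, or written there by other code, pass through unchanged, and the parameter names used as array keys stay raw unless `Format::htmlchars` encodes keys too (its definition is not part of this patch). Storing encoded data also ties the cache to HTML body context: a consumer that escapes again on output will double-encode, and one that places a value in an attribute, URL or script context gets escaping that does not fit. I would record the contract next to the merge, e.g. `// :form-data holds HTML-encoded values (keys are not encoded); escape per context at render, do not re-encode`, and confirm that the code rendering this data escapes on output rather than relying on this call alone. The enclosing method begins and ends outside the hunk, so the place where the cached data is printed is not visible here.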