gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-31 21:27:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

escape role name to prevent xss attack

Browse Source
This commit is contained in:
Uwe Steinmann 2022-03-28 21:33:48 +02:00
parent 283d051d3a
commit 9e92524fdb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
views/bootstrap/class.UsrMgr.php
View File

@ -351,7 +351,7 @@ $(document).ready( function() {
);
$options = array();
foreach($roles as $role) {
$options[] = array($role->getID(), $role->getName(), ($currUser && $currUser->getRole()->getID() == $role->getID()));
$options[] = array($role->getID(), htmlspecialchars($role->getName()), ($currUser && $currUser->getRole()->getID() == $role->getID()));
}
$this->formField(
getMLText("role"),