Netsyms
/
Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Closes #118 Fix critical XSS vulnerability

Browse Source
merge-requests/2/head
Mike Koch 9 years ago
parent aa051b76e8
commit 1aeb19539f
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File

7
admin/admin_ticket.php
Unescape Escape View File

@ -859,7 +859,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<i class="fa fa-check-circle"></i> '.$hesklang['open_action'].'</a>';
}
$linkText = 'new_ticket.php?name='.$ticket['name'].'&email='.$ticket['email'].'&catid='.$category['id'].'&priority='.$ticket['priority'];
$strippedName = strip_tags($ticket['name']);
$strippedEmail = strip_tags($ticket['email']);
$linkText = 'new_ticket.php?name='.$strippedName.'&email='.$strippedEmail.'&catid='.$category['id'].'&priority='.$ticket['priority'];
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'] == 1)
@ -871,7 +873,8 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
} else {
$value = $ticket[$k];
}
$linkText .= '&c_'.$k.'='.$value;
$strippedCustomField = strip_tags($value);
$linkText .= '&c_'.$k.'='.$strippedCustomField;
}
}

Write Preview
Loading…
Cancel
Save