From fc96accb1b87c262be71a9cef5201aed4b9db0d1 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Sat, 17 Mar 2018 08:10:16 +0100
Subject: escape get keys to prevent possible xss CVE-2018-7563
---
3421ff97909c794839a731e68eb8910a8dea7cc2.patch | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 3421ff97909c794839a731e68eb8910a8dea7cc2.patch
(limited to '3421ff97909c794839a731e68eb8910a8dea7cc2.patch')
diff --git a/3421ff97909c794839a731e68eb8910a8dea7cc2.patch b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
new file mode 100644
index 0000000..6c39d87
--- /dev/null
+++ b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
@@ -0,0 +1,21 @@
+From 3421ff97909c794839a731e68eb8910a8dea7cc2 Mon Sep 17 00:00:00 2001
+From: Johan Cwiklinski
+Date: Thu, 1 Mar 2018 09:26:04 +0100
+Subject: [PATCH] Escape get keys to prevent possible xss
+
+---
+ inc/html.class.php | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/inc/html.class.php b/inc/html.class.php
+index a985db5250..bcf1ab4c0c 100644
+--- a/inc/html.class.php
++++ b/inc/html.class.php
+@@ -4096,6 +4096,7 @@ static function printCleanArray($tab, $pad=0,$jsexpand=false) {
+ echo "KEY=>VALUE";
+
+ foreach ($tab as $key => $val) {
++ $key = Toolbox::clean_cross_side_scripting_deep($key);
+ echo "";
+ echo $key;
+ $is_array = is_array($val);
-- cgit
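Review bot: The escaping added at the top of the `foreach` in `printCleanArray` protects `$key` only where it is echoed as element text, and as far as I know `Toolbox::clean_cross_side_scripting_deep` rewrites just `<` and `>`, leaving quotes and `&` untouched. The function body continues past this hunk, and the `$jsexpand` parameter suggests the key may also be interpolated into an attribute or inline script further down; if so, that use needs quote-safe encoding, for example `$key = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8');`. It is also worth confirming that the `$val` branch outside the hunk is encoded on output. A short comment such as `// keys can come from request data (GET); encode before any HTML output` would keep the reason for this line visible through later refactoring.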