Fixing a XSS - vulnerability discovered by tomreyn

Signed-off-by: Florian Aders (EleRas) <eleras@froxlor.org>
2011-03-19 13:14:28 +01:00
parent 0f4695a43f
commit 5e0c641a02
3 changed files with 16 additions and 15 deletions
--- a/lib/formfields/admin/ticket/formfield.ticket_reply.php
+++ b/lib/formfields/admin/ticket/formfield.ticket_reply.php
@@ -38,7 +38,7 @@ return array(
 					'category' => array(
 						'label' => $lng['ticket']['category'],
 						'type' => 'label',
-						'value' => $row['name']
+						'value' => htmlentities($row['name']),
 					),
 					'message' => array(
 						'style' => 'vertical-align:top;',