Remove XSS when add/edit career - refs BT#10295

10 years ago · 1307b662d2
parent 1b320e5772
commit 1307b662d2
1 changed files with 12 additions and 0 deletions
--- a/main/inc/lib/career.lib.php
+++ b/main/inc/lib/career.lib.php
@ -220,6 +220,10 @@ class Career extends Model
     */
    public function save($params, $show_query = false)
    {
+        if (isset($params['description'])) {
+            $params['description'] = Security::remove_XSS($params['description']);
+        }
+
        $id = parent::save($params);
        if (!empty($id)) {
            Event::addEvent(
@ -249,4 +253,12 @@ class Career extends Model
            api_get_user_id()
        );
    }
+
+    public function update($params) {
+        if (isset($params['description'])) {
+            $params['description'] = Security::remove_XSS($params['description']);
+        }
+
+        parent::update($params);
+    }
 }