chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

display: Sanitize attributes for anchor tag in Display::url function

Browse Source 
Refs advisory GHSA-gw58-89f7-4xgj
pull/6031/head
Angel Fernando Quiroz Campos 8 months ago
parent 89d2026720
commit 15023ce630
No known key found for this signature in database
GPG Key ID: B284841AE3E562CD
1 changed files with 3 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      main/inc/lib/display.lib.php

5
main/inc/lib/display.lib.php
Unescape View File

@ -917,9 +917,10 @@ class Display
$attribute_list = '';
// Managing the additional attributes
if (!empty($additional_attributes) && is_array($additional_attributes)) {
$attribute_list = '';
foreach ($additional_attributes as $key => &$value) {
$attribute_list .= $key.'="'.$value.'" ';
$sanitized_key = htmlspecialchars($key, ENT_QUOTES, api_get_system_encoding());
$sanitized_value = htmlspecialchars($value, ENT_QUOTES, api_get_system_encoding());
$attribute_list .= $sanitized_key.'="'.$sanitized_value.'" ';
}
}
//some tags don't have this </XXX>

Write Preview
Loading…
Cancel
Save