From 15023ce6301a8b623d789e8e788b2db9bf470547 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos <1697880+AngelFQC@users.noreply.github.com>
Date: Tue, 14 Jan 2025 15:51:39 -0500
Subject: [PATCH] display: Sanitize attributes for anchor tag in Display::url function

Refs advisory GHSA-gw58-89f7-4xgj
---
 main/inc/lib/display.lib.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/main/inc/lib/display.lib.php b/main/inc/lib/display.lib.php
index b951709b8c..3b9e8910b4 100755
--- a/main/inc/lib/display.lib.php
+++ b/main/inc/lib/display.lib.php
@@ -917,9 +917,10 @@ class Display
 $attribute_list = '';
 // Managing the additional attributes
 if (!empty($additional_attributes) && is_array($additional_attributes)) {
- $attribute_list = '';
 foreach ($additional_attributes as $key => &$value) {
- $attribute_list .= $key.'="'.$value.'" ';
+ $sanitized_key = htmlspecialchars($key, ENT_QUOTES, api_get_system_encoding());
+ $sanitized_value = htmlspecialchars($value, ENT_QUOTES, api_get_system_encoding());
+ $attribute_list .= $sanitized_key.'="'.$sanitized_value.'" ';
 }
 }
 //some tags don't have this
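Review bot: The two new `htmlspecialchars` calls pass `ENT_QUOTES` alone, so a key or value containing a byte sequence that is invalid in `api_get_system_encoding()` makes `htmlspecialchars` return an empty string and the attribute is silently emitted as `key=""`; adding `ENT_SUBSTITUTE` keeps the escaping while substituting the bad sequence instead of dropping the whole value. The loop still iterates by reference (`&$value`) although the new body only reads `$value`, which leaves `$value` aliased to the last array element after the loop ends; the reference can be dropped. Escaping the attribute name keeps it from breaking out of the tag but does not restrict which attribute is emitted, so if callers can pass externally influenced keys, an allow-list of permitted attribute names would be the stronger control — where keys come from is not visible in this hunk. Note also that `double_encode` defaults to true, so values a caller already escaped will be escaped again, and the encoding lookup can be hoisted out of the loop. The enclosing `url` method starts and ends outside the hunk.
```php
        if (!empty($additional_attributes) && is_array($additional_attributes)) {
            // Hoisted: same encoding for every attribute; ENT_SUBSTITUTE avoids an empty result on invalid byte sequences.
            $encoding = api_get_system_encoding();
            foreach ($additional_attributes as $key => $value) {
                $sanitized_key = htmlspecialchars($key, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
                $sanitized_value = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
                $attribute_list .= $sanitized_key.'="'.$sanitized_value.'" ';
            }
        }
        // … unchanged: rest of the method …
```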