From 3f5bb90ae99554fdbc5f0867f5b91d80b461cbad Mon Sep 17 00:00:00 2001
From: jmontoyaa <gugli100@gmail.com>
Date: Fri, 17 Mar 2017 14:16:54 +0100
Subject: [PATCH] Add security::remove_XSS see BT#12486

---
 main/work/work.lib.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/main/work/work.lib.php b/main/work/work.lib.php
index b26134cd0c..0c9aa325f9 100755
--- a/main/work/work.lib.php
+++ b/main/work/work.lib.php
@@ -2045,6 +2045,7 @@ function get_work_user_list(
                 );
                 $work['title_clean'] = $work['title'];
 
+                $work['title'] = Security::remove_XSS($work['title']);
                 if (strlen($work['title']) > 30) {
                     $short_title = substr($work['title'], 0, 27).'...';
                     $work['title'] = Display::span($short_title, array('class' => 'work-title', 'title' => $work['title']));