From 2fa781fa93c52f854f88e0a0123da13e94528473 Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Sat, 29 Sep 2018 11:33:47 +0200
Subject: [PATCH] Fix XSS in manage_filter_edit_page

Fixes #24814
---
 manage_filter_edit_page.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manage_filter_edit_page.php b/manage_filter_edit_page.php
index 9478d059c..ddb6fddb8 100644
--- a/manage_filter_edit_page.php
+++ b/manage_filter_edit_page.php
@@ -185,14 +185,14 @@ $t_filter_project_id = filter_get_field( $f_filter_id, 'project_id' );
 								<?php if( ALL_PROJECTS != $t_filter_project_id ) { ?>
 								<label>
 									<input type="radio" class="ace input-sm" name="filter_project_id" value="<?php echo $t_filter_project_id ?>" <?php check_checked( ALL_PROJECTS != $t_filter_project_id ) ?>>
-									<span class="lbl padding-6"><?php echo lang_get( 'stored_project' ) . ' (' . project_get_name( $t_filter_project_id ) . ')' ?></span>
+									<span class="lbl padding-6"><?php echo lang_get( 'stored_project' ) . ' (' . string_display_line( project_get_name( $t_filter_project_id ) ) . ')' ?></span>
 								</label>
 								<br>
 								<?php } ?>
 								<?php if( $t_filter_project_id != $t_current_project_id ) { ?>
 								<label>
 									<input type="radio" class="ace input-sm" name="filter_project_id" value="<?php echo $t_current_project_id ?>">
-									<span class="lbl padding-6"><?php echo lang_get( 'current_project' ) . ' (' . project_get_name( $t_current_project_id ) . ')' ?></span>
+									<span class="lbl padding-6"><?php echo lang_get( 'current_project' ) . ' (' . string_display_line( project_get_name( $t_current_project_id ) ) . ')' ?></span>
 								</label>
 								<?php } ?>
 							</td>
-- 
2.19.0