View Issue Details

ID: 0024814
Project: mantisbt
Category: security
View Status: public
Last Update: 2018-10-27 16:22
Reporter: atrol
Assigned To: atrol
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.1.0
Target Version: 2.17.2
Fixed in Version: 2.17.2
Summary: 0024814: CVE-2018-17783: XSS in manage_filter_edit_page.php
Description

Project Name is printed on manage_filter_edit_page.php without being sanitized.

Tags: No tags attached.
Attached Files
24814-XSS-manage_filter_edit_page.patch (1,786 bytes)   
From 2fa781fa93c52f854f88e0a0123da13e94528473 Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Sat, 29 Sep 2018 11:33:47 +0200
Subject: [PATCH] Fix XSS in manage_filter_edit_page

Fixes #24814
---
 manage_filter_edit_page.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manage_filter_edit_page.php b/manage_filter_edit_page.php
index 9478d059c..ddb6fddb8 100644
--- a/manage_filter_edit_page.php
+++ b/manage_filter_edit_page.php
@@ -185,14 +185,14 @@ $t_filter_project_id = filter_get_field( $f_filter_id, 'project_id' );
 								<?php if( ALL_PROJECTS != $t_filter_project_id ) { ?>
 								<label>
 									<input type="radio" class="ace input-sm" name="filter_project_id" value="<?php echo $t_filter_project_id ?>" <?php check_checked( ALL_PROJECTS != $t_filter_project_id ) ?>>
-									<span class="lbl padding-6"><?php echo lang_get( 'stored_project' ) . ' (' . project_get_name( $t_filter_project_id ) . ')' ?></span>
+									<span class="lbl padding-6"><?php echo lang_get( 'stored_project' ) . ' (' . string_display_line( project_get_name( $t_filter_project_id ) ) . ')' ?></span>
 								</label>
 								<br>
 								<?php } ?>
 								<?php if( $t_filter_project_id != $t_current_project_id ) { ?>
 								<label>
 									<input type="radio" class="ace input-sm" name="filter_project_id" value="<?php echo $t_current_project_id ?>">
-									<span class="lbl padding-6"><?php echo lang_get( 'current_project' ) . ' (' . project_get_name( $t_current_project_id ) . ')' ?></span>
+									<span class="lbl padding-6"><?php echo lang_get( 'current_project' ) . ' (' . string_display_line( project_get_name( $t_current_project_id ) ) . ')' ?></span>
 								</label>
 								<?php } ?>
 							</td>
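Review bot: the two `value=` attributes on the radio inputs, in the unchanged lines directly above each changed `<span>`, still echo `$t_filter_project_id` and `$t_current_project_id` with no escaping or cast. Nothing in this hunk shows that both are guaranteed to be integers; if they are, an explicit `(int)` cast at the echo documents that, and if not they need attribute escaping too. Also, `string_display_line()` is applied here at the two call sites of `project_get_name()`, so any other page that echoes `project_get_name()` straight into HTML has the same problem; worth grepping for remaining unescaped callers as part of this fix.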
-- 
2.19.0

Activities

atrol

2018-09-29 12:11

developer   ~0060702

CVE Request 577429 sent to MITRE

atrol

2018-09-29 15:34

developer   ~0060704

CVE-2018-17783 assigned

vboctor

2018-09-29 18:24

manager   ~0060706

Looks good.

dregad

2018-09-30 07:03

developer   ~0060709

I'm OK with the patch for both 0024813 and 0024814, I confirm it addresses the vulnerability.

@atrol, thanks for going through the whole process including CVE request. As a side note, a single CVE ID for both issues would probably have been sufficient in this case, as it's the same error on both pages.

Related Changesets

MantisBT: master-2.17 b9453cd7

2018-09-29 01:33

atrol


Fix XSS in manage_filter_edit_page

Fixes 0024814
Affected Issues
0024814
mod - manage_filter_edit_page.php