fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMCORE-2325:Stored Cross-Site Scripting in cases email form

Browse Source
This commit is contained in:
fabio
2020-10-15 16:46:06 -04:00
parent 6942e304da
commit f4116e1fe6
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
workflow/engine/methods/mails/emailsAjax.php
View File

@@ -133,6 +133,8 @@ switch ($req) {
$row = $result->getRow();
$row['APP_MSG_STATUS'] = ucfirst($row['APP_MSG_STATUS']);
$row['APP_MSG_DATE'] = DateTime::convertUtcToTimeZone($row['APP_MSG_DATE']);
$row['APP_MSG_TO'] = htmlentities($row['APP_MSG_TO'], ENT_HTML5, "UTF-8");
$row['APP_MSG_ERROR'] = htmlentities($row['APP_MSG_ERROR'], ENT_HTML5, "UTF-8");
switch ($filterBy) {
case 'CASES':