Documents

- Properly escape HTML in the edit modal - Tidy
2023-03-11 19:55:38 +00:00
parent 4344a4fcca
commit 90bba73aac
4 changed files with 16 additions and 20 deletions
--- a/client_document_edit_modal.php
+++ b/client_document_edit_modal.php
@@ -17,7 +17,7 @@
                    </div>

                    <div class="form-group">
-                        <textarea class="form-control summernote" name="content"><?php echo $document_content; ?></textarea>
+                        <textarea class="form-control summernote" name="content"><?php echo htmlentities($document_content); ?></textarea>
                    </div>

                    <div class="form-group">