Fix widget title injection vulnerability (#13452)

Prevent html/js code from being injected into widget titles.
This commit is contained in:
Tony Murray
2021-10-29 20:34:24 -05:00
committed by GitHub
parent 5900edbf16
commit 99d2462b80
2 changed files with 2 additions and 2 deletions
+1 -1
View File
@@ -103,7 +103,7 @@ class OverviewController extends Controller
$data = serialize(json_encode($data));
$dash_config = unserialize($data);
$hide_dashboard_editor = UserPref::getPref($user, 'hide_dashboard_editor');
$widgets = Widget::select('widget_id', 'widget_title')->orderBy('widget_title')->get();
$widgets = Widget::select(['widget_id', 'widget_title'])->orderBy('widget_title')->get();
$user_list = [];
if ($user->can('manage', User::class)) {