security: Fix some reported security issues (#4807)

2024-10-07 16:52:45 +00:00 · 2016-10-15 20:45:18 +01:00
parent da0d04a5b6
commit a2f2ccfd2c
9 changed files with 34 additions and 12 deletions
--- a/html/includes/common/notes.inc.php
+++ b/html/includes/common/notes.inc.php
@@ -33,5 +33,5 @@ if (defined('SHOW_SETTINGS') || empty($widget_settings)) {
        </div>
    </form>';
 } else {
-    $common_output[] = stripslashes(nl2br($widget_settings['notes']));
+    $common_output[] = stripslashes(nl2br(htmlentities($widget_settings['notes'])));
 }