since this is now usable, protect the displayed delivery reports from XSS injection

2015-09-22 04:08:03 -07:00 · 2015-09-22 04:08:03 -07:00 · 4b13f0e025
commit 4b13f0e025
parent 2869ccfe39
1 changed files with 1 additions and 1 deletions
--- a/mod/dreport.php
+++ b/mod/dreport.php
@ -32,7 +32,7 @@ function dreport_content(&$a) {

 	foreach($r as $rr) {
 		$name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' ')));
-		$o .= '<tr><td>' . $name . '</td><td>' . $rr['dreport_result'] . '</td><td>' . $rr['dreport_time'] . '</td></tr>';
+		$o .= '<tr><td>' . $name . '</td><td>' . escape_tags($rr['dreport_result']) . '</td><td>' . escape_tags($rr['dreport_time']) . '</td></tr>';
 	}
 	$o .= '</table>';