From 447f20c91ce48201caabe68bece5db4d9161b979 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Mon, 2 Jan 2023 14:38:52 +0000
Subject: [PATCH] Escape potential HTML characters in the API Key name, as this is used in logs
---
 api/v1/validate_api_key.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/v1/validate_api_key.php b/api/v1/validate_api_key.php
index fa3646a8..fceeaa7c 100644
--- a/api/v1/validate_api_key.php
+++ b/api/v1/validate_api_key.php
@@ -88,7 +88,7 @@ if (isset($api_key)) {
 // Set client ID, company ID & key name
 $row = mysqli_fetch_array($sql);
- $api_key_name = $row['api_key_name'];
+ $api_key_name = htmlentities($row['api_key_name']);
 $client_id = $row['api_key_client_id'];
 $company_id = $row['company_id'];
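Review bot: The added `htmlentities()` call relies on the default flags, which only cover single quotes from PHP 8.1 onward (earlier versions default to `ENT_COMPAT`), so the escaping depends on the runtime; pass the flags explicitly, e.g. `$api_key_name = htmlentities($row['api_key_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Encoding the name at this point also means every later use of `$api_key_name` receives the HTML-encoded form, and HTML encoding is not SQL escaping: if the log write builds its query by string interpolation (not visible in this hunk), that statement still needs a prepared statement or `mysqli_real_escape_string()`. The `if (isset($api_key))` block starts and ends outside the hunk, so whether `$row` is checked for null before this line cannot be confirmed from here.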