From 67b306795bcdbc56cde4b9bcb4a081f782f8e3ca Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Mon, 2 Jan 2023 15:17:58 +0000
Subject: [PATCH] Sanitize portal session vars against sql/html code

---
 portal/check_login.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/portal/check_login.php b/portal/check_login.php
index e0a6cfe1..bcb5a523 100644
--- a/portal/check_login.php
+++ b/portal/check_login.php
@@ -36,10 +36,10 @@ $session_company_id = $_SESSION['company_id'];
 
 $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
 $contact = mysqli_fetch_array($contact_sql);
-$session_contact_name = $contact['contact_name'];
+$session_contact_name = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_name']));
 $session_contact_initials = initials($session_contact_name);
-$session_contact_title = $contact['contact_title'];
-$session_contact_email = $contact['contact_email'];
+$session_contact_title = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_title']));
+$session_contact_email = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_email']));
 $session_contact_photo = $contact['contact_photo'];
 
 // Get client info
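Review bot: `mysqli_real_escape_string` in the three added assignments (`$session_contact_name`, `$session_contact_title`, `$session_contact_email`) is applied to values as they are read out of the database rather than at the point they are interpolated into a query, so a legitimate name such as O'Brien is held in the session as `O\'Brien`, that backslash is what `initials()` on the next line sees, and the stray escape is rendered wherever the session value is echoed; if the variable is ever interpolated into SQL again it is escaped twice. The SQL-side concern belongs at query time — a prepared statement, or `mysqli_real_escape_string` immediately before the query string is built — and the HTML-side concern belongs at output time with `htmlspecialchars($session_contact_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because `strip_tags` leaves attribute and script contexts unprotected and is not an output-encoding function. I would keep the three assignments as the plain `$contact['contact_name']` / `$contact['contact_title']` / `$contact['contact_email']` reads and move both escapes to the consumers that write SQL or HTML. Note also that the `mysqli_query` call on the unchanged context line still interpolates `$session_contact_id` and `$session_client_id` straight from `$_SESSION`; a prepared statement with two bound parameters there would close that off at the same time.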