Escape potential HTML characters in usernames (ticket collision detection)

Marcus Hill 2023-01-02 13:48:16 +00:00
parent 3bf4d7a1f1
commit 79dc34da92
1 changed files with 2 additions and 2 deletions


@ -190,10 +190,10 @@ if (isset($_GET['ticket_query_views'])) {
$users = array_unique($users);
if (count($users) > 1) {
// Multiple viewers
$response['message'] = implode(", ", $users) . " are viewing this ticket.";
$response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket.");
} else {
// Single viewer
$response['message'] = implode("", $users) . " is viewing this ticket.";
$response['message'] = htmlentities(implode("", $users) . " is viewing this ticket.");
}
} else {
// No viewers
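Review bot: Both new `htmlentities()` calls rely on the default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped, so the result is only safe in element content or double-quoted attributes on older runtimes. Passing the flags and charset explicitly removes that dependency on the PHP version, for example `htmlspecialchars(implode(", ", $users) . " are viewing this ticket.", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, with the same change on the single-viewer line. How `$response['message']` reaches the page is not visible in this hunk; if a client script inserts it as HTML, it is worth confirming that no other field of `$response` carries user-controlled text unescaped. The enclosing `if (isset($_GET['ticket_query_views']))` block starts and ends outside the hunk.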