Escape potential HTML in ticket prefix

2023-01-02 14:56:04 +00:00 · 2023-01-02 14:56:04 +00:00 · b1bb854328
parent 72fd102e57
commit b1bb854328
1 changed files with 1 additions and 1 deletions
--- a/client_contact_details_modal.php
+++ b/client_contact_details_modal.php
@ -105,7 +105,7 @@

              while($row = mysqli_fetch_array($sql_related_tickets)){
                $ticket_id = $row['ticket_id'];
-                $ticket_prefix = $row['ticket_prefix'];
+                $ticket_prefix = htmlentities($row['ticket_prefix']);
                $ticket_number = $row['ticket_number'];
                $ticket_subject = htmlentities($row['ticket_subject']);