AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix XSS in expenses and trips export CSV modal Thanks @tdragon

This commit is contained in:
johnnyq 2023-05-09 12:11:42 -04:00
parent 09ff8b710b
commit cb0366b9f7
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
expense_export_modal.php
View File

@ -18,7 +18,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div>
<input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo $dtf; ?>">
<input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
</div>
</div>
@ -28,7 +28,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div>
<input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo $dtt; ?>">
<input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
</div>
</div>

4
trip_export_modal.php
View File

@ -18,7 +18,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div>
<input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo $dtf; ?>">
<input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
</div>
</div>
@ -28,7 +28,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div>
<input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo $dtt; ?>">
<input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
</div>
</div>