From dcf0bb67d1f85703687f9661f9819a5fa30430ed Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Mon, 2 Jan 2023 14:41:14 +0000
Subject: [PATCH] Escape potential HTML characters in client name
---
 api_key_add_modal.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api_key_add_modal.php b/api_key_add_modal.php
index 9253d568..4f6aa795 100644
--- a/api_key_add_modal.php
+++ b/api_key_add_modal.php
@@ -65,7 +65,7 @@ $key = bin2hex(random_bytes(78));
 $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
 while($row = mysqli_fetch_array($sql)){
 $client_id = $row['client_id'];
- $client_name = $row['client_name'];
+ $client_name = htmlentities($row['client_name']);
 ?>
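Review bot: The added `htmlentities($row['client_name'])` relies on the default flags and charset, and before PHP 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped; the value would then be safe in element content or a double-quoted attribute but not in a single-quoted one. Passing the arguments explicitly makes the result independent of the PHP version and of `default_charset`: `$client_name = htmlspecialchars($row['client_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The `while` loop body continues past the `?>` that ends the visible hunk, so the place where `$client_name` is echoed cannot be checked from here; confirm it is an HTML text or attribute context, since entity encoding does not protect a value printed inside a script block or a URL. A short comment on the line, such as `// escaped for HTML output; do not reuse in SQL or JS`, would record that the variable now holds encoded text.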