
XSS in autoreply

Hanno authored on09/03/2019 09:19:13
Showing1 changed files
... ...
@@ -164,7 +164,7 @@ $form .= "<h4>Betreffzeile der automatischen Antwort</h4>".
164 164
 
165 165
 $message = filter_input_general($ar['message']);
166 166
 $form .= "<h4>Inhalt der automatischen Antwort</h4>".
167
-  "<p><textarea cols=\"80\" rows=\"10\" name=\"ar_message\" id=\"ar_message\">".$ar['message']."</textarea></p>";
167
+  "<p><textarea cols=\"80\" rows=\"10\" name=\"ar_message\" id=\"ar_message\">".filter_input_general($ar['message'])."</textarea></p>";
168 168
 $quote = $ar['quote'];
169 169
 if (! $quote) {
170 170
     $quote = 'none';
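Review bot: The new line 167 calls `filter_input_general($ar['message'])` again although line 165 already stores that result in `$message`; writing `">".$message."</textarea></p>";` would keep a single sanitised value, so the textarea and any later use of `$message` cannot diverge. The body of `filter_input_general()` is not visible here and its name suggests an input filter rather than an output encoder, so it is worth confirming that it encodes `<`, `>`, `&` and both quote characters for HTML element content. If it does not, `htmlspecialchars($ar['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the point of output is the safer choice. The statement building `$form` begins above the hunk (the subject-line field shown in the `@@` context), so whether that field is escaped the same way cannot be judged from these lines.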