Notebook: add remove_xss

jmontoyaa · jmontoyaa · commit 95eef5d3245e · 2021-08-03T09:14:41.000+02:00
diff --git a/main/inc/lib/notebook.lib.php b/main/inc/lib/notebook.lib.php
@@ -304,9 +304,11 @@ public static function display_notes()
                 Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL).'</a>';
 
             echo Display::panel(
-                $row['description'],
-                $row['title'].$session_img.' <div class="pull-right">'.$actions.'</div>',
-                get_lang('CreationDate').': '.Display::dateToStringAgoAndLongDate($row['creation_date']).$updateValue
+                Security::remove_XSS($row['description']),
+                Security::remove_XSS($row['title']).$session_img.
+                ' <div class="pull-right">'.$actions.'</div>',
+                get_lang('CreationDate').': '.Display::dateToStringAgoAndLongDate($row['creation_date']).
+                $updateValue
             );
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -304,9 +304,11 @@ public static function display_notes()`
`304`	`304`	`Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL).'</a>';`
`305`	`305`
`306`	`306`	`echo Display::panel(`
`307`		`- $row['description'],`
`308`		`- $row['title'].$session_img.' <div class="pull-right">'.$actions.'</div>',`
`309`		`- get_lang('CreationDate').': '.Display::dateToStringAgoAndLongDate($row['creation_date']).$updateValue`
	`307`	`+ Security::remove_XSS($row['description']),`
	`308`	`+ Security::remove_XSS($row['title']).$session_img.`
	`309`	`+ ' <div class="pull-right">'.$actions.'</div>',`
	`310`	`+ get_lang('CreationDate').': '.Display::dateToStringAgoAndLongDate($row['creation_date']).`
	`311`	`+ $updateValue`
`310`	`312`	`);`
`311`	`313`	`}`
`312`	`314`	`}`