XSS patch for basic models

2021-03-12 19:28:16 +05:30
parent 5d8b86bf5e
commit 309a1557d9
6 changed files with 58 additions and 6 deletions
--- a/app/Model/helpdesk/Ticket/Ticket_Thread.php
+++ b/app/Model/helpdesk/Ticket/Ticket_Thread.php
@@ -132,7 +132,7 @@ class Ticket_Thread extends Model

    public function getSubject()
    {
-        $subject = $this->attributes['title'];
+        $subject = strip_tags($this->attributes['title']);
        $array = imap_mime_header_decode($subject);
        $title = '';
        if (is_array($array) && count($array) > 0) {