1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-23 02:04:46 +02:00

[Web] escape html of alert messages

This commit is contained in:
FreddleSpl0it 2024-04-04 09:31:20 +02:00
parent cd24057f1a
commit cf2fda66e2
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5

View File

@ -12,7 +12,8 @@ $alertbox_log_parser = alertbox_log_parser($_SESSION);
$alerts = []; $alerts = [];
if (is_array($alertbox_log_parser)) { if (is_array($alertbox_log_parser)) {
foreach ($alertbox_log_parser as $log) { foreach ($alertbox_log_parser as $log) {
$message = strtr($log['msg'], ["\n" => '', "\r" => '', "\t" => '<br>']); $message = htmlspecialchars($log['msg'], ENT_QUOTES);
$message = strtr($message, ["\n" => '', "\r" => '', "\t" => '<br>']);
$alerts[trim($log['type'], '"')][] = trim($message, '"'); $alerts[trim($log['type'], '"')][] = trim($message, '"');
} }
$alert = array_filter(array_unique($alerts)); $alert = array_filter(array_unique($alerts));