XSS fix

2025-08-03 13:17:24 +02:00 · 2012-08-10 09:13:01 +00:00
parent 21d53a27b4
commit 35fe774435
1 changed files with 1 additions and 1 deletions
--- a/e107_handlers/validator_class.php
+++ b/e107_handlers/validator_class.php
@@ -1380,7 +1380,7 @@ class validatorClass
 			{
 				$vars['failed'][$f] = LAN_VALIDATE_191; 
 			}
-			$curLine = str_replace('%v', htmlentities($vars['failed'][$f]),$curLine);
+			$curLine = str_replace('%v', filter_var($vars['failed'][$f], FILTER_SANITIZE_SPECIAL_CHARS), $curLine);
 			$curLine = str_replace('%f', $f, $curLine);
 			if ($checkNice & isset($niceNames[$f]['niceName']))
 			{