System:Settings:Cron - cleanse user input in /ui/cron/item/open/...

2026-03-13 08:09:41 +00:00 · 2023-06-29 21:29:32 +02:00 · 2023-06-29 21:29:32 +02:00 · 5edff49db1
commit 5edff49db1
parent 77aa58b046
1 changed files with 1 additions and 1 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/Cron/ItemController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Cron/ItemController.php
@ -43,7 +43,7 @@ class ItemController extends \OPNsense\Base\IndexController
     */
    public function openAction($uuid = null)
    {
-        $this->view->selected_uuid = $uuid;
+        $this->view->selected_uuid = htmlspecialchars($uuid, ENT_QUOTES | ENT_HTML401);
        // include dialog form definitions
        $this->view->formDialogEdit = $this->getForm("dialogEdit");
        $this->view->pick('OPNsense/Cron/index');