Headline
CVE-2023-2948: fixes: couple more misc fixes (#6336) · openemr/openemr@af1ecf7
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
@@ -55,7 +55,7 @@ function add_template(){
url: "ajax_code.php",
dataType: "html",
data: {
list_id: <?php echo htmlspecialchars($list_id, ENT_QUOTES);?>,
list_id: <?php echo js_escape($list_id); ?>,
multi: val,
source: “save_provider”
},
@@ -71,7 +71,7 @@ function add_template(){
return;
}
else{
alert(“<?php echo addslashes(xl(‘You should select at least one Provider’));?>”);
alert(<?php echo xlj(‘You should select at least one Provider’);?>);
}
}
@@ -97,13 +97,13 @@ function add_template(){
$sel = '’;
}
}
echo “<option value=’” . htmlspecialchars($row[‘id’], ENT_QUOTES) . “’ $sel>” . htmlspecialchars($row[‘lname’] . “,” . $row[‘fname’], ENT_QUOTES) . "</option>";
echo “<option value=’” . attr($row[‘id’]) . “’ $sel>” . text($row[‘lname’] . “,” . $row[‘fname’]) . "</option>";
}
?>
</select>
</td>
<td>
<a href="#" onclick="add_template()" class="btn btn-primary"><span><?php echo htmlspecialchars(xl(‘Save’), ENT_QUOTES);?></span></a>
<a href="#" onclick="add_template()" class="btn btn-primary"><span><?php echo xlt(‘Save’);?></span></a>
</td>
</tr>
</table>
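Review bot: In the third hunk the rewritten `echo` now routes `$row['id']` through `attr()` and the name through `text()`, but `$sel` is still interpolated raw into the `<option>` tag, and the only assignment visible here is `$sel = '';` — the branch that sets its non-empty value lies above the hunk. That is presumably a fixed literal such as `selected`, in which case this is fine, but the reviewer should confirm it is never derived from request or database data; if there is any doubt, emit it as `" " . attr($sel) . ">"` so every dynamic piece of the tag goes through the same escaping helpers. The enclosing PHP loop and the `if`/`else` that compute `$sel` both start outside the hunk. A short comment above the `echo`, `// all dynamic values pass through attr()/text(); $sel is a constant token`, would document the intended invariant for the next edit of this line.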