CVE-2023-5316: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@332d2e4
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
@@ -22,6 +22,7 @@
use phpMyFAQ\Helper\AdministrationHelper;
use phpMyFAQ\Helper\LanguageHelper;
use phpMyFAQ\Helper\PermissionHelper;
use phpMyFAQ\Strings;
use phpMyFAQ\System;
use phpMyFAQ\Utils;
@@ -95,7 +96,7 @@ function renderInputForm($key, $type)
is_numeric($value) ? ‘number’ : $type,
$key,
$key,
$value
Strings::htmlentities($value)
);
if (‘api.apiClientToken’ === $key) {
echo '<div class="input-group-append">’;
@@ -143,7 +144,7 @@ function renderInputForm($key, $type)
printf(
'<input class="form-control" type="password" autocomplete="off" name="edit[%s]" value="%s">’,
$key,
$faqConfig->get($key)
Strings::htmlentities($faqConfig->get($key))
);
echo "</div>\n";
break;
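Review bot: The new `Strings::htmlentities($value)` and `Strings::htmlentities($faqConfig->get($key))` calls escape only the `value` attribute, while `$key` is still interpolated unescaped into `name="edit[%s]"` on both printf calls (the lines around `$key,` in each hunk). If keys only ever come from the configuration table that is acceptable, but the assumption deserves a comment such as `// $key is a configuration key read from the DB, never user input; only the value needs escaping`. Both escaped values sit inside double-quoted attributes, so the wrapper must encode `"` (ENT_QUOTES semantics); Strings::htmlentities is not visible here, so confirm it does. renderInputForm starts before the first of these hunks and continues past the last one, so any other `%s` value sites in the same switch should get the same treatment.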