Skip to content

Commit

Permalink
fixes #18730, prevent reflected XSS in analytics logger
Browse files Browse the repository at this point in the history
  • Loading branch information
@smaury @dylans
smaury authored and dylans committed Oct 7, 2015
1 parent 7c88fa3 commit 18ce703
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion analytics/logger/dojoxAnalytics.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@

fclose($handle);

$response = '{"eventsReceived": "' . sizeof($items) . '", "id": "' . $id . '"}';
$response = '{"eventsReceived": "' . sizeof($items) . '", "id": "' . htmlentities($id) . '"}';
if ($_REQUEST["callback"]){
print htmlentities($_REQUEST["callback"]) . "(" . $response . ");";
}else{
Expand Down

0 comments on commit 18ce703

Please sign in to comment.