Skill: Fix XSS when showing selected skill
AngelFQC committed Apr 17, 2023
1 parent 3511252 commit fe28c31
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions main/admin/skills_wheel.php
@@ -1,6 +1,8 @@
<?php
/* For licensing terms, see /license.txt */

use Symfony\Component\HttpFoundation\Request as HttpRequest;

$cidReset = true;

require_once __DIR__.'/../inc/global.inc.php';
@@ -10,6 +12,8 @@
api_protect_admin_script(false, true);
Skill::isAllowed();

$httpRequest = HttpRequest::createFromGlobals();

//Adds the JS needed to use the jqgrid
$htmlHeadXtra[] = api_get_js('d3/d3.v3.5.4.min.js');
$htmlHeadXtra[] = api_get_js('d3/colorbrewer.js');
@@ -24,8 +28,9 @@

$skill_condition = '';
if (isset($_GET['skill_id'])) {
$skill_condition = '&skill_id='.intval($_GET['skill_id']);
$tpl->assign('skill_id_to_load', $_GET['skill_id']);
$skillId = $httpRequest->query->getInt('skill_id');
$skill_condition = "&skill_id=$skillId";
$tpl->assign('skill_id_to_load', $skillId);
}

$url = api_get_path(WEB_AJAX_PATH)."skill.ajax.php?a=get_skills_tree_json&load_user=$load_user";
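Review bot: In the last hunk the guard still tests `isset($_GET['skill_id'])` while the value itself is read through `$httpRequest->query`, so the block consults two views of the same request; `if ($httpRequest->query->has('skill_id')) {` would keep it to one. A non-numeric `skill_id` typically comes back from `getInt()` as 0 and is still appended to `$skill_condition` and assigned as `skill_id_to_load`; if 0 is not a valid skill id, wrap the two assignments in `if ($skillId > 0)`. The integer cast is the only thing keeping request data out of the template here, so a comment such as `// int cast: skill_id_to_load is rendered by the template, never assign raw $_GET` would guard against a later edit reverting it. The template that prints `skill_id_to_load` is not on this page, so whether it also escapes the value at output cannot be confirmed from the diff.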