Fix: Reading Share Settings from Share containing ' crashes the share

Root cause is that arguments passed to mk_option() should be sanitized via htmlspecialchars().
2026-01-06 09:39:58 -06:00 · 2025-09-05 10:30:14 -07:00
parent 34be5b3c23
commit 2cc687c64f
1 changed files with 2 additions and 0 deletions
--- a/emhttp/plugins/dynamix/include/Helpers.php
+++ b/emhttp/plugins/dynamix/include/Helpers.php
@@ -180,6 +180,8 @@ function my_error($code) {
 }

 function mk_option($select, $value, $text, $extra="") {
+  $value = htmlspecialchars($value);
+  $text = htmlspecialchars($text);
  return "<option value='$value'".($value == $select ? " selected" : "").(strlen($extra) ? " $extra" : "").">$text</option>";
 }