Security fix for link in button (#7408)

* security fix for link in button

* Escape characters for button link
frytimo
2025-07-03 15:12:32 -03:00
committed by GitHub
parent 26d8527936
commit b163e3d906


@@ -108,7 +108,7 @@
//link
if (!empty($array['link'])) {
$anchor = "<a ";
$anchor .= "href='".$array['link']."' ";
$anchor .= "href='" . self::escape_href($array['link']) . "' ";
$anchor .= "target='".(!empty($array['target']) ? $array['target'] : '_self')."' ";
//ensure only margin* styles are applied to the anchor element
if (!empty($array['style']) && is_array($array['style']) && @sizeof($array['style']) != 0) {
@@ -132,6 +132,12 @@
return substr_count($value, "'") ? '"'.$value.'"' : "'".$value."'";
}
private static function escape_href(string $url): string {
// clear whitespace
$url = trim($url);
return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}
}
/*
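Review bot: The `target` attribute on the line right after the changed `href` line is still concatenated unescaped into a single-quoted attribute, so the attribute break-out this commit closes for `link` remains open through `$array['target']`; it can be encoded the same way, `$anchor .= "target='" . htmlspecialchars(!empty($array['target']) ? $array['target'] : '_self', ENT_QUOTES, 'UTF-8') . "' ";`. Separately, `escape_href()` only HTML-encodes its input: a `javascript:` URL contains nothing that `htmlspecialchars()` alters, so if `link` can carry user-influenced data (not visible here) the helper should also restrict the scheme to an allow-list such as relative paths, `http` and `https` before encoding. A short docblock saying that the helper encodes for an HTML attribute context and does not validate the URL would keep callers from over-trusting its name. The method containing the first hunk begins and ends outside the visible lines, so the other attributes it builds were not reviewed.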