[security] prevent xml injection and executing switch api cmds (#6594)

2026-02-21 18:36:31 +00:00 · 2023-03-30 01:24:04 -04:00
parent de70dd2910
commit ca36d10121
5 changed files with 158 additions and 108 deletions
--- a/resources/classes/xml.php
+++ b/resources/classes/xml.php
@@ -0,0 +1,16 @@
+<?php
+
+if (!class_exists('xml')) {
+    class xml {
+
+        /**
+         * Escapes xml special characters to html entities and sanitze switch special chars.
+         */
+        static function sanitize($string) {
+            return str_replace('$', '', htmlspecialchars($string, ENT_XML1));
+        }
+
+    }
+}
+
+?>