Fix tainted vars in db results

Research-IT-Swiss-TPH · Jul 25, 2023 · 8cbc73c · 8cbc73c
1 parent 3164d8a
commit 8cbc73c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/recordHomeDashboard.php b/recordHomeDashboard.php
@@ -424,7 +424,7 @@ public function getEventInfo() {
         and a.arm_id = e.arm_id order by a.arm_num, e.day_offset, e.descrip";
         $q = db_query($sql);
         while ($row = db_fetch_assoc($q)){
-            $eventInfo[] = array( 'value' => $row['event_id'], 'text' => $row['descrip']);
+            $eventInfo[] = array( 'value' => (string)(int) $row['event_id'], 'text' => htmlspecialchars($row['descrip'], ENT_QUOTES));
         }
         db_free_result($q);
         return $eventInfo;