From 4b13f0e025b08263d7231845bc76034d9adc7847 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Tue, 22 Sep 2015 04:08:03 -0700
Subject: since this is now usable, protect the displayed delivery reports from
 XSS injection

---
 mod/dreport.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mod/dreport.php')

diff --git a/mod/dreport.php b/mod/dreport.php
index 3c74a9e33..a20e17372 100644
--- a/mod/dreport.php
+++ b/mod/dreport.php
@@ -32,7 +32,7 @@ function dreport_content(&$a) {
 
 	foreach($r as $rr) {
 		$name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' ')));
-		$o .= '<tr><td>' . $name . '</td><td>' . $rr['dreport_result'] . '</td><td>' . $rr['dreport_time'] . '</td></tr>';
+		$o .= '<tr><td>' . $name . '</td><td>' . escape_tags($rr['dreport_result']) . '</td><td>' . escape_tags($rr['dreport_time']) . '</td></tr>';
 	}
 	$o .= '</table>';
 
-- 
cgit v1.2.3