display: Sanitize attributes for anchor tag in Display::url function

AngelFQC · AngelFQC · commit 15023ce6301a · 2025-01-14T15:52:13.000-05:00
Refs advisory GHSA-gw58-89f7-4xgj
diff --git a/main/inc/lib/display.lib.php b/main/inc/lib/display.lib.php
@@ -917,9 +917,10 @@ public static function tag($tag, $content, $additional_attributes = [])
         $attribute_list = '';
         // Managing the additional attributes
         if (!empty($additional_attributes) && is_array($additional_attributes)) {
-            $attribute_list = '';
             foreach ($additional_attributes as $key => &$value) {
-                $attribute_list .= $key.'="'.$value.'" ';
+                $sanitized_key = htmlspecialchars($key, ENT_QUOTES, api_get_system_encoding());
+                $sanitized_value = htmlspecialchars($value, ENT_QUOTES, api_get_system_encoding());
+                $attribute_list .= $sanitized_key.'="'.$sanitized_value.'" ';
             }
         }
         //some tags don't have this </XXX>

Original file line number	Diff line number	Diff line change
`@@ -917,9 +917,10 @@ public static function tag($tag, $content, $additional_attributes = [])`
`917`	`917`	`$attribute_list = '';`
`918`	`918`	`// Managing the additional attributes`
`919`	`919`	`if (!empty($additional_attributes) && is_array($additional_attributes)) {`
`920`		`- $attribute_list = '';`
`921`	`920`	`foreach ($additional_attributes as $key => &$value) {`
`922`		`- $attribute_list .= $key.'="'.$value.'" ';`
	`921`	`+ $sanitized_key = htmlspecialchars($key, ENT_QUOTES, api_get_system_encoding());`
	`922`	`+ $sanitized_value = htmlspecialchars($value, ENT_QUOTES, api_get_system_encoding());`
	`923`	`+ $attribute_list .= $sanitized_key.'="'.$sanitized_value.'" ';`
`923`	`924`	`}`
`924`	`925`	`}`
`925`	`926`	`//some tags don't have this </XXX>`