Remove XSS vulnerabilities

This commit is contained in:
Rene Vergara 2023-06-23 09:29:08 -05:00
parent 0dd89a0e7f
commit 08690a29a5
Signed by: pitmutt
GPG key ID: 65122AD495A7F5B2

View file

@ -232,9 +232,9 @@ class zpmt_stats_page {
font-weight: 600;">';
}
$line++;
print '<td><a href="https://dev.zgo.cash/invoice/' . $row->pmt_orderid . '" target="_blank">' . $row->pmt_orderid . "</a></td>";
print '<td><a href="https://dev.zgo.cash/invoice/' . htmlentities($row->pmt_orderid, ENT_QUOTES) . '" target="_blank">' . htmlentities($row->pmt_orderid, ENT_QUOTES) . "</a></td>";
print "<td>" . $row->pmt_wc_order . "</td>";
print "<td>" . $row->pmt_wc_custname . "</td>";
print "<td>" . htmlentities($row->pmt_wc_custname, ENT_QUOTES) . "</td>";
print '<td style="text-align:center;">'. $row->pmt_accepted . "</td>";
print '<td style="text-align:center;">'.$row->pmt_confirmed ."</td>";
print '<td style="text-align:right;">'. number_format($row->pmt_amount,2) . "</td>";