encode the url value

michield · michield · commit a9ee6fde7846 · 2020-06-12T11:24:42.000+01:00
diff --git a/public_html/lists/admin/send_core.php b/public_html/lists/admin/send_core.php
@@ -733,7 +733,7 @@ function submitform() {
         $maincontent .= '
       <div id="remoteurl" class="field"><label for="sendurl">' .$GLOBALS['I18N']->get('Send a Webpage - URL').Help('sendurl').'</label>'.'
         <input type="text" name="sendurl" id="remoteurlinput"
-       value="' .$messagedata['sendurl'].'" size="60" /> <span id="remoteurlstatus"></span></div>';
+       value="' .htmlspecialchars($messagedata['sendurl']).'" size="60" /> <span id="remoteurlstatus"></span></div>';
         if (isset($messagedata['sendmethod']) && $messagedata['sendmethod'] != 'remoteurl') {
             $GLOBALS['pagefooter']['hideremoteurl'] = '<script type="text/javascript">$("#remoteurl").hide();</script>';
         }

Original file line number	Diff line number	Diff line change
`@@ -733,7 +733,7 @@ function submitform() {`
`733`	`733`	`$maincontent .= '`
`734`	`734`	`<div id="remoteurl" class="field"><label for="sendurl">' .$GLOBALS['I18N']->get('Send a Webpage - URL').Help('sendurl').'</label>'.'`
`735`	`735`	`<input type="text" name="sendurl" id="remoteurlinput"`
`736`		`- value="' .$messagedata['sendurl'].'" size="60" /> <span id="remoteurlstatus"></span></div>';`
	`736`	`+ value="' .htmlspecialchars($messagedata['sendurl']).'" size="60" /> <span id="remoteurlstatus"></span></div>';`
`737`	`737`	`if (isset($messagedata['sendmethod']) && $messagedata['sendmethod'] != 'remoteurl') {`
`738`	`738`	`$GLOBALS['pagefooter']['hideremoteurl'] = '<script type="text/javascript">$("#remoteurl").hide();</script>';`
`739`	`739`	`}`