From 151cdee765be360aa7565d95d8aece1c2cab76f8 Mon Sep 17 00:00:00 2001
From: Damien Burel <damien.burel@maarch.org>
Date: Thu, 3 Dec 2015 10:29:45 +0000
Subject: [PATCH] FIX #3104 Add addslashes for error message

---
 core/trunk/core/manage_action.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/core/trunk/core/manage_action.php b/core/trunk/core/manage_action.php
index 968dff0144a..3f60e7c9103 100644
--- a/core/trunk/core/manage_action.php
+++ b/core/trunk/core/manage_action.php
@@ -286,9 +286,8 @@ else if(empty($_POST['values']) || !isset($_POST['action_id']) || empty($_POST['
         }
 		elseif( $_POST['req'] == 'first_request' && $error_visa_response_project == true)
         {
-            echo "{status : 3, form_content : '<div class=\"h2_title\">" . $visa->errorMessageVisa .
-                "</div><p class=\"buttons\"><input type=\"button\" onclick=\"destroyModal(\'" . $modalId . "\')\" class=\"button\" value=\"OK\" id=\"submit\" name=\"submit\"></p>',
-                height : 'auto', width : 'auto', 'mode_frm' : '', validate : 'OK', 'action_status' : '".functions::xssafe($status)."'}";
+            echo "{status : 3, form_content : '<div class=\"h2_title\">" . addslashes($visa->errorMessageVisa) .
+                "</div><p class=\"buttons\"><input type=\"button\" onclick=\"destroyModal(\'" . $modalId . "\')\" class=\"button\" value=\"OK\" id=\"submit\" name=\"submit\"></p>', height : 'auto', width : 'auto', 'mode_frm' : '', validate : 'OK', 'action_status' : '".functions::xssafe($status)."'}";
             exit();
         }
         elseif( $_POST['req'] == 'first_request' && $error_visa_workflow == true)
-- 
GitLab