purify input of accessibility info text, fixes #2408

Closes #2408 Merge request studip/studip!1605
author: Jan-Hendrik Willms <tleilax+studip@gmail.com> 2023-03-21 13:04:49 +0000
committer: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de> 2023-03-21 13:04:49 +0000
commit: 9e3af772ac36e714fcb9d590b0f1eda7017d33af (patch)
tree: 0fbd63087d65c1f46fbb014283f05376933d5311 /app/controllers/admin/accessibility_info_text.php
parent: 62944a2af083b1ee620a93a278f533a7f03315e5 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/admin/accessibility_info_text.php b/app/controllers/admin/accessibility_info_text.php
index 9a1828b..7d3290b 100644
--- a/app/controllers/admin/accessibility_info_text.php
+++ b/app/controllers/admin/accessibility_info_text.php
@@ -26,7 +26,12 @@ class Admin_AccessibilityInfoTextController extends AuthenticatedController
     public function edit_action()
     {
         CSRFProtection::verifyUnsafeRequest();
-        Config::get()->store('ACCESSIBILITY_INFO_TEXT', Request::i18n('accessbility_info_text'));
+
+        Config::get()->store(
+            'ACCESSIBILITY_INFO_TEXT',
+            Studip\Markup::purifyHtml(Request::i18n('accessbility_info_text'))
+        );
+
         PageLayout::postSuccess(_('Die Einstellungen wurden gespeichert.'));
         $this->relocate('admin/accessibility_info_text/index');
     }
author	Jan-Hendrik Willms <tleilax+studip@gmail.com>	2023-03-21 13:04:49 +0000
committer	Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>	2023-03-21 13:04:49 +0000
commit	9e3af772ac36e714fcb9d590b0f1eda7017d33af (patch)
tree	0fbd63087d65c1f46fbb014283f05376933d5311 /app/controllers/admin/accessibility_info_text.php
parent	62944a2af083b1ee620a93a278f533a7f03315e5 (diff)