From 348021a88121c023c3b813a0e4d8ad986194ccbd Mon Sep 17 00:00:00 2001 From: Yiheng Cao <65160922+Crispy-fried-chicken@users.noreply.github.com> Date: Thu, 29 Aug 2024 19:48:27 +0800 Subject: [PATCH] =?UTF-8?q?Realiza=20sanitiza=C3=A7=C3=A3o=20no=20valor=20?= =?UTF-8?q?para=20evitar=20XSS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ieducar/intranet/include/clsCampos.inc.php | 1 + 1 file changed, 1 insertion(+) diff --git a/ieducar/intranet/include/clsCampos.inc.php b/ieducar/intranet/include/clsCampos.inc.php index 62303c3935..9ce5eeb914 100644 --- a/ieducar/intranet/include/clsCampos.inc.php +++ b/ieducar/intranet/include/clsCampos.inc.php @@ -1436,6 +1436,7 @@ classe = (classe == \'formmdtd\')? \'formlttd tr_\' + This.nome : \'formmdtd tr_ } $retorno .= " {$componente[7]}"; + $campo_valor = ! is_null($campo_valor) ? htmlspecialchars($campo_valor, ENT_QUOTES) : null; break; case 'monetario':
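Review bot: The added `htmlspecialchars()` call sits after `$retorno .= " {$componente[7]}";` and directly before `break;`, so it can only protect uses of `$campo_valor` that happen after the switch; anything this case already wrote into `$retorno`, including `$componente[7]`, is not escaped by it. The case begins above the hunk, so whether the value is emitted earlier in the branch cannot be confirmed from here. Escaping at the point of output, rather than overwriting the variable, would be safer and would also avoid double-encoding if a later consumer escapes again. If the reassignment stays, consider `$campo_valor = is_scalar($campo_valor) ? htmlspecialchars((string) $campo_valor, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : $campo_valor;`, so that a non-string value does not raise a TypeError on PHP 8 and invalid byte sequences do not silently yield an empty string; any array passed through this way would still need escaping where it is rendered. The other field types in this switch, such as `'monetario'` just below, lie outside the hunk and may need the same treatment.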