Fixes: bug 13880 - cleanhtml() Unchecked Return Value Stored Cross-Site 
Scripting
Signed-off-by: Adolf Belka <[email protected]>
---
 config/cfgroot/header.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index 9492b467d..6e65f4137 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -647,7 +647,7 @@ sub cleanhtml {
        # decode the UTF-8 text so that characters with diacritical marks such as
        # umlauts are treated correctly by the escape command
        $outstring = &Encode::decode("UTF-8",$outstring);
-       escape($outstring);
+       $outstring = escape($outstring);
        # encode the text back to UTF-8 after running the escape command
        $outstring = &Encode::encode("UTF-8",$outstring);
        return $outstring;
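Review bot: The corrected line `$outstring = escape($outstring);` makes cleanhtml() return entity-encoded text where the old call discarded the result, and nothing in the hunk accounts for callers or stored data that relied on the old no-op behaviour. Call sites are not visible here, but any that already escape the result again on output would now double-encode it (for example `&amp;amp;`). Values saved before this patch presumably remain unescaped on disk, so the pages that print them still need their own output escaping. A one-line comment above the assignment, such as `# escape() returns the encoded string; the result must be assigned`, would help keep the return value from being dropped again. cleanhtml() begins above the hunk, so its earlier handling of the input was not reviewed.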
-- 
2.51.0

