GHSA-grj5-8fcj-34gh follow-up fix (#5751)

Not sure how this was lost during the back&forth during the GHSA process but we missed escaping the 3rd parameter of raise_message_javascript().
Cacti · May 18, 2024 · 6a82fa1 · 6a82fa1
1 parent b577c29
commit 6a82fa1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/functions.php b/lib/functions.php
@@ -1053,7 +1053,7 @@ function raise_message_javascript($title, $header, $message) {
 	var mixedReasonTitle = DOMPurify.sanitize(<?php print json_encode($title, JSON_THROW_ON_ERROR);?>);
 	var mixedOnPage      = DOMPurify.sanitize(<?php print json_encode($header, JSON_THROW_ON_ERROR);?>);
 	sessionMessage   = {
-		message: DOMPurify.sanitize('<?php print $message;?>'),
+		message: DOMPurify.sanitize(<?php print json_encode($message, JSON_THROW_ON_ERROR);?>),
 		level: MESSAGE_LEVEL_MIXED
 	};