From 02229c671b244ab970df08688c9e38fba3339934 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Mon, 19 Jul 2021 11:17:00 +0200
Subject: [PATCH] Fix an XSS in the result graph
Signed-off-by: Thomas Citharel
---
 app/inc/smarty.php | 4 ++++
 tpl/part/vote_table_classic.tpl | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/inc/smarty.php b/app/inc/smarty.php
index ff77dde..db17c51 100644
--- a/app/inc/smarty.php
+++ b/app/inc/smarty.php
@@ -73,6 +73,10 @@ function smarty_modifier_addslashes_single_quote($string) {
 return addcslashes($string, '\\\'');
 }
+function smarty_modifier_addslashes($string) {
+ return addslashes($string);
+}
+
 function smarty_modifier_html($html) {
 return Utils::htmlEscape($html);
 }
diff --git a/tpl/part/vote_table_classic.tpl b/tpl/part/vote_table_classic.tpl
index 65ca8c4..f949833 100644
--- a/tpl/part/vote_table_classic.tpl
+++ b/tpl/part/vote_table_classic.tpl
@@ -282,7 +282,7 @@
 });
 var cols = [
 {foreach $slots as $id=>$slot}
- $('
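Review bot: `addslashes()` in the new `smarty_modifier_addslashes` is not an adequate escaper for the JavaScript string context it is introduced for (`"{$slot->title|markdown:true|addslashes}"` in tpl/part/vote_table_classic.tpl): it only escapes quotes, backslashes and NUL, so a title containing a line break or the `</script>` sequence still ends the string literal or the enclosing script block. Have the modifier emit a complete JS literal instead, e.g. `return json_encode($string, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);`, and drop the hand-written double quotes in the template so the value becomes `{$slot->title|markdown:true|<modifier>},`. Note also that the removed `$('…').html(…).text()` expression reduced the markdown output to plain text, whereas the new line keeps whatever markup `markdown:true` produces; if those labels are later inserted into the DOM as HTML rather than text they need HTML escaping as well — only the template fragment is visible here, so the chart code that consumes `cols` should be checked. Finally, the new function has no parameter or return types (`function smarty_modifier_addslashes(string $string): string`), matching the legacy neighbours but worth adding while the code is new.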
').html('{$slot->title|markdown:true}').text(),
+ "{$slot->title|markdown:true|addslashes}",
 {/foreach}
 ];