purify input of accessibility info text, fixes #2408

Closes #2408 Merge request studip/studip!1605

purify input of accessibility info text, fixes #2408
9e3af772 · Jan-Hendrik Willms · Elmar Ludwig · 62944a2a · 9e3af772
Commit 9e3af772 authored 2 years ago by Jan-Hendrik Willms Committed by Elmar Ludwig 2 years ago
--- a/app/controllers/admin/accessibility_info_text.php
+++ b/app/controllers/admin/accessibility_info_text.php
@@ -26,7 +26,12 @@ class Admin_AccessibilityInfoTextController extends AuthenticatedController
    public function edit_action()
    {
        CSRFProtection::verifyUnsafeRequest();
-        Config::get()->store('ACCESSIBILITY_INFO_TEXT', Request::i18n('accessbility_info_text'));
+        Config::get()->store(
+            'ACCESSIBILITY_INFO_TEXT',
+            Studip\Markup::purifyHtml(Request::i18n('accessbility_info_text'))
+        );
        PageLayout::postSuccess(_('Die Einstellungen wurden gespeichert.'));
        $this->relocate('admin/accessibility_info_text/index');
    }