From f3b2ba0981dd08d7f8caff45007014486464a036 Mon Sep 17 00:00:00 2001
From: Michele Romano <33063403+Mik317@users.noreply.github.com>
Date: Mon, 17 Aug 2020 16:33:55 +0200
Subject: [PATCH] [FIX] XSS using htmlentities()

---
 bl-kernel/admin/views/edit-category.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bl-kernel/admin/views/edit-category.php b/bl-kernel/admin/views/edit-category.php
index e1f2019d..c3604371 100644
--- a/bl-kernel/admin/views/edit-category.php
+++ b/bl-kernel/admin/views/edit-category.php
@@ -31,7 +31,7 @@
 echo Bootstrap::formInputText(array(
 'name'=>'name',
 'label'=>$L->g('Name'),
- 'value'=>$categoryMap['name'],
+ 'value'=>htmlentities($categoryMap['name'], ENT_QUOTES, 'UTF-8'),
 'class'=>'',
 'placeholder'=>'',
 'tip'=>''
@@ -50,7 +50,7 @@
 echo Bootstrap::formInputText(array(
 'name'=>'template',
 'label'=>$L->g('Template'),
- 'value'=>isset($categoryMap['template'])?$categoryMap['template']:'',
+ 'value'=>isset($categoryMap['template'])?htmlentities($categoryMap['template'], ENT_QUOTES, 'UTF-8'):'',
 'class'=>'',
 'placeholder'=>'',
 'tip'=>''
@@ -89,4 +89,4 @@ $(document).ready(function() {
 $("#jsform").submit();
 });
 });
-
\ No newline at end of file
+
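Review bot: The encoding is applied per call site in the `'value'` entries of the first two hunks, so every other `Bootstrap::formInputText` caller (and any other `$categoryMap` field this view renders the same way) stays unencoded unless each one is patched individually; the durable fix is to encode the attribute inside `Bootstrap::formInputText` itself, which is outside this patch, and if that helper already encodes its `value`, these lines would now double-encode, so that should be confirmed before merging. For an HTML attribute `htmlspecialchars` is the conventional call, and adding `ENT_SUBSTITUTE` keeps malformed UTF-8 from making the call return an empty string and silently blanking the field: `'value'=>htmlspecialchars($categoryMap['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),` with the same change for `template` in the second hunk. The `formInputText(array(` call opened in each hunk closes outside it.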