- htmlspecialchars() on category, type, status in table rows
- htmlspecialchars() on data-status attributes in quick-action buttons
- Restrict $currentDir to 'asc'|'desc' to prevent class injection
- htmlspecialchars() on all http_build_query URLs in pagination and sort headers
- htmlspecialchars() on AuditLogView pagination URLs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>