From d23c98043310d5eb433b793f138ddc7321dae7f7 Mon Sep 17 00:00:00 2001
From: Mufeed VH <mufeedvh@gmail.com>
Date: Fri, 29 Mar 2019 00:14:11 +0530
Subject: [PATCH] Fixed Multiple HTML Injection Vulnerabilities

**Fixed multiple HTML Injection vulnerabilities in "$customer[x]" output which prints out inside "value" tag without filtering causing it to break the entire HTML page structure.** :+1:

**What is HTML Injection:**
https://www.acunetix.com/vulnerabilities/web/html-injection/

**Proof of Concept:**
http://freecs9.epizy.com/core-php-admin/edit_customer.php?customer_id=256&operation=edit
***You can see that the injected HTML caused the page to break it's structure***
***Any payload appended with escaping characters (">) can break the page***

**Fix it ASAP as it's critical and this is an admin panel used by several people** :)
---
 forms/customer_form.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/forms/customer_form.php b/forms/customer_form.php
index 351e1b5..46ce74d 100644
--- a/forms/customer_form.php
+++ b/forms/customer_form.php
@@ -1,12 +1,12 @@
 <fieldset>
     <div class="form-group">
         <label for="f_name">First Name *</label>
-          <input type="text" name="f_name" value="<?php echo $edit ? $customer['f_name'] : ''; ?>" placeholder="First Name" class="form-control" required="required" id = "f_name" >
+          <input type="text" name="f_name" value="<?php echo htmlspecialchars($edit ? $customer['f_name'] : '', ENT_QUOTES, 'UTF-8'); ?>" placeholder="First Name" class="form-control" required="required" id = "f_name" >
     </div> 
 
     <div class="form-group">
         <label for="l_name">Last name *</label>
-        <input type="text" name="l_name" value="<?php echo $edit ? $customer['l_name'] : ''; ?>" placeholder="Last Name" class="form-control" required="required" id="l_name">
+        <input type="text" name="l_name" value="<?php echo htmlspecialchars($edit ? $customer['l_name'] : '', ENT_QUOTES, 'UTF-8'); ?>" placeholder="Last Name" class="form-control" required="required" id="l_name">
     </div> 
 
     <div class="form-group">
@@ -45,21 +45,21 @@
     </div>  
     <div class="form-group">
         <label for="email">Email</label>
-            <input  type="email" name="email" value="<?php echo $edit ? $customer['email'] : ''; ?>" placeholder="E-Mail Address" class="form-control" id="email">
+            <input  type="email" name="email" value="<?php echo htmlspecialchars($edit ? $customer['email'] : '', ENT_QUOTES, 'UTF-8'); ?>" placeholder="E-Mail Address" class="form-control" id="email">
     </div>
 
     <div class="form-group">
         <label for="phone">Phone</label>
-            <input name="phone" value="<?php echo $edit ? $customer['phone'] : ''; ?>" placeholder="987654321" class="form-control"  type="text" id="phone">
+            <input name="phone" value="<?php echo htmlspecialchars($edit ? $customer['phone'] : '', ENT_QUOTES, 'UTF-8'); ?>" placeholder="987654321" class="form-control"  type="text" id="phone">
     </div> 
 
     <div class="form-group">
         <label>Date of birth</label>
-        <input name="date_of_birth" value="<?php echo $edit ? $customer['date_of_birth'] : ''; ?>"  placeholder="Birth date" class="form-control"  type="date">
+        <input name="date_of_birth" value="<?php echo htmlspecialchars($edit ? $customer['date_of_birth'] : '', ENT_QUOTES, 'UTF-8'); ?>"  placeholder="Birth date" class="form-control"  type="date">
     </div>
 
     <div class="form-group text-center">
         <label></label>
         <button type="submit" class="btn btn-warning" >Save <span class="glyphicon glyphicon-send"></span></button>
     </div>            
-</fieldset>
\ No newline at end of file
+</fieldset>