Merge pull request #341 from creative-commoners/pulls/4.0/xss-create-job

[CVE-2021-27938] Prevent echoing request variable
symbiote · Mar 14, 2021 · 1fe21e5 · 1fe21e5
2 parents 7be5d70 + 4c8aa39
commit 1fe21e5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Tasks/CreateQueuedJobTask.php b/src/Tasks/CreateQueuedJobTask.php
@@ -54,7 +54,7 @@ public function run($request)
             $now = time();
             if ($start >= $now) {
                 $friendlyStart = date('Y-m-d H:i:s', $start);
-                echo "Job ".$request['name']. " queued to start at: <b>".$friendlyStart."</b>";
+                echo 'Job queued to start at: <b>' . $friendlyStart . '</b>';
                 singleton('Symbiote\\QueuedJobs\\Services\\QueuedJobService')->queueJob($job, $start);
             } else {
                 echo "'start' parameter must be a date/time in the future, parseable with strtotime";