From 25cbb26e1dce74d1f0bd68b3db5c8923e5597092 Mon Sep 17 00:00:00 2001
From: Genaro Contreras Gutierrez
Date: Tue, 30 Jul 2019 08:38:14 -0700
Subject: [PATCH] update function get_request to preventXSS

The XSS prevent function was created and used
---
 lib/functions.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/functions.php b/lib/functions.php
index 470fb3b..e698f42 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -675,15 +675,22 @@ function get_request($attr,$type='POST',$die=false,$default=null,$preventXSS=fal
 system_message(array(
 'title'=>_('Generic Error'),
 'body'=>sprintf('%s: Called "%s" without "%s" using "%s"',
- basename($_SERVER['PHP_SELF']),get_request('cmd','REQUEST'),$attr,$type),
+ basename($_SERVER['PHP_SELF']),get_request('cmd','REQUEST'),preventXSS($attr),preventXSS($type)),
 'type'=>'error'),
 'index.php');
- if(!is_null($value))
- $value = htmlspecialchars(addslashes($value), ENT_QUOTES, 'UTF-8');
+ if($preventXSS && !is_null($value))
+ $value = preventXSS($value);
 return $value;
 }
- /**
+* Prevent XSS function
+*
+*/
+function preventXSS($value){
+ return htmlspecialchars(addslashes($value), ENT_QUOTES, 'UTF-8');
+}
+
+
 * Record a system message.
 * This function can be used as an alternative to generate a system message, if page hasnt yet been defined.
 */
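Review bot: The new `$preventXSS=false` default turns escaping that the old code applied to every non-null value into an opt-in, so any existing get_request() caller that does not pass the new argument now receives raw request data; unless every such call site escapes at output, this is a regression in exposure rather than a hardening, and defaulting the parameter to `true` (in the signature, outside this hunk) with explicit opt-out for the callers that need raw values would preserve the prior behaviour. `addslashes()` inside preventXSS is not an HTML-context defence and alters the value (a backslash before each quote and backslash), so the helper both escapes and mutates data; it also takes an untyped `$value`, and if get_request() can return array values from the superglobals, addslashes() does not accept them. A short docblock should make that contract visible, e.g. `* Returns $value HTML-escaped (ENT_QUOTES, UTF-8) after addslashes(); for direct echo only, not for storage or LDAP operations.`. As rendered, the hunk removes a line at `- /**` and adds `* Prevent XSS function` with no `+/**` to open either comment, which if faithful to the patch would leave ` * Record a system message.` outside any comment and break parsing, so the applied file is worth checking. get_request()'s body starts outside the hunk.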