From 041d5aeb463b9638a11ec3b0f477c104aa6b43cb Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 19 Jan 2020 18:55:22 +0100
Subject: [PATCH] FIX XSS vulnerability in description of list of audit events.

---
 htdocs/admin/tools/listevents.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php
index 29f3f8fc7fb..39699d4240b 100644
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
@@ -310,7 +310,7 @@ if ($result)
 			$text=$langs->trans($val[0], isset($val[1])?$val[1]:'', isset($val[2])?$val[2]:'', isset($val[3])?$val[3]:'', isset($val[4])?$val[4]:'');
 			if (! empty($reg[2])) $text.=$reg[2];
 		}
-		print dol_string_nohtmltag($text);
+		print dol_escape_htmltag($text);
 		print '</td>';
 
 		// More informations