From 22ca5e067189bffe8066df26df923a386f044c08 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 19 Jun 2020 00:39:27 +0200
Subject: [PATCH] Fix XSS reported by C. Weiler in notice.php

---
 htdocs/public/notice.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/htdocs/public/notice.php b/htdocs/public/notice.php
index 43344c376aa..9663bff3cf0 100644
--- a/htdocs/public/notice.php
+++ b/htdocs/public/notice.php
@@ -41,9 +41,8 @@ if (! GETPOST('transkey', 'alphanohtml') && ! GETPOST('transphrase', 'alphanohtm
 }
 else
 {
- $langs->load("error");
- $langs->load("other");
+ $langs->loadLangs(array("error", "other"));
 
- if (GETPOST('transphrase', 'alphanohtml')) print GETPOST('transphrase', 'alphanohtml');
- if (GETPOST('transkey', 'alphanohtml')) print $langs->trans(GETPOST('transkey', 'alphanohtml'));
+ if (GETPOST('transphrase', 'alphanohtml')) print dol_escape_htmltag(GETPOST('transphrase', 'alphanohtml'));
+ elseif (GETPOST('transkey', 'alphanohtml')) print dol_escape_htmltag($langs->trans(GETPOST('transkey', 'alphanohtml')));
 }
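Review bot: The new `elseif` line wraps `$langs->trans()` in `dol_escape_htmltag()`, and if `Translate::trans()` already HTML-encodes its result (as I believe it does, unlike `transnoentities()`), correctly translated strings will come out double-encoded, e.g. a `&#39;` rendered as `&amp;#39;`; please verify against the `trans()` implementation and, if so, switch to `print dol_escape_htmltag($langs->transnoentities(GETPOST('transkey', 'alphanohtml')));` so exactly one escape layer is applied at the output. Escaping at the point of output instead of relying on the `alphanohtml` input filter is the right fix for the reported XSS and should stay for both the `transphrase` and `transkey` branches. The `if (! GETPOST('transkey', ...))` statement that this `else` block belongs to starts before the hunk.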