12 anni fa · 3dd051aecb
--- a/tripal_pub/tripal_pub.module
+++ b/tripal_pub/tripal_pub.module
@@ -1052,7 +1052,7 @@ function tripal_pub_ajax_form_handler($delta=0 ) {
 
				 
			
 
				     $form_state = array('storage' => NULL, 'submitted' => FALSE);
			
 
				 
			
 
				-    $form_build_id = $_POST['form_build_id'];
			
 
				+    $form_build_id = filter_xss($_POST['form_build_id']);
			
 
				 
			
 
				     // Get the form from the cache.
			
 
				     $form = form_get_cache($form_build_id, $form_state);