Merge pull request #2263 from magento-chaika/MAGETWO-70939

dvoskoboinikov · web-flow · commit fe178680a904 · 2018-03-24T18:54:42.000+02:00
Fixed issues:
- MAGETWO-70939: Reflected XSS in admin Reports
diff --git a/app/code/Magento/Reports/view/adminhtml/templates/grid.phtml b/app/code/Magento/Reports/view/adminhtml/templates/grid.phtml
@@ -31,7 +31,7 @@ $numColumns = sizeof($block->getColumns());
                                        type="text"
                                        id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_from') ?>"
                                        name="report_from"
-                                       value="<?= /* @escapeNotVerified */ $block->getFilter('report_from') ?>">
+                                       value="<?= $block->escapeHtml($block->getFilter('report_from')) ?>">
                                 <span id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_from_advice') ?>"></span>
                             </span>
 
@@ -44,7 +44,7 @@ $numColumns = sizeof($block->getColumns());
                                        type="text"
                                        id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_to') ?>"
                                        name="report_to"
-                                       value="<?= /* @escapeNotVerified */ $block->getFilter('report_to') ?>"/>
+                                       value="<?= $block->escapeHtml($block->getFilter('report_to')) ?>"/>
                                 <span id="<?= /* @escapeNotVerified */ $block->getSuffixId('period_date_to_advice') ?>"></span>
                             </span>
 
