From e37ca7c70270bbdfcd24baa0cf5fe6d62d9e00af Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Sat, 5 Aug 2023 16:08:39 +0900
Subject: [PATCH] Fix missing encoding of HTML elements in group title and description
---
 modules/member/member.admin.controller.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php
index a896a846b..7b68e65da 100644
--- a/modules/member/member.admin.controller.php
+++ b/modules/member/member.admin.controller.php
@@ -1358,6 +1358,8 @@ class MemberAdminController extends Member
 }
 $args->group_srl = !empty($args->group_srl) ? $args->group_srl : getNextSequence();
 $args->list_order = $args->list_order ?? $args->group_srl;
+ $args->title = escape($args->title);
+ $args->description = escape($args->description);
 $output = executeQuery('member.insertGroup', $args);
 if ($output->toBool())
@@ -1407,6 +1409,8 @@ class MemberAdminController extends Member
 $output = executeQuery('member.updateGroupDefaultClear', $args);
 if(!$output->toBool()) return $output;
 }
+ $args->title = isset($args->title) ? escape($args->title) : null;
+ $args->description = isset($args->description) ? escape($args->description) : null;
 $output = executeQuery('member.updateGroup', $args);
 if ($output->toBool())
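Review bot: Encoding `title` and `description` at write time, just before `member.insertGroup`, leaves group rows saved before this commit stored raw, so any view that prints them without escaping will still render the old markup; the same applies to the update hunk below. Nothing visible in the patch re-encodes existing rows or escapes on output, so a one-off migration or output-side escaping is needed to cover data already in the table. Separately, these two lines read the properties unconditionally while the update hunk guards them with `isset()`; if `description` can be absent on insert, mirror the guard with `$args->description = isset($args->description) ? escape($args->description) : null;`. The enclosing method starts and ends outside the hunk.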
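Review bot: Every save now encodes the value before `member.updateGroup`, so a caller that passes back a title it previously read from the database would have it encoded a second time (`&lt;` becoming `&amp;lt;`) unless `escape()` is told not to double-encode. Whether that happens depends on the callers and on `escape()`'s defaults, neither of which is visible here, so confirm it with a save, reload, save round trip of a title containing `<` and `&`. A comment above the two added lines, such as `// Stored HTML-encoded; templates must not escape these fields again`, would record which side owns the encoding. The enclosing method starts and ends outside the hunk.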