From f81245fa8c25b36c11a1a914a19e20f2ccaf7ac2 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Thu, 15 Dec 2022 22:31:50 +0900
Subject: [PATCH] Escape limit_day_description when saving (cf. #2025)

---
 modules/member/member.admin.controller.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php
index 3aa42a6f4..8feb290af 100644
--- a/modules/member/member.admin.controller.php
+++ b/modules/member/member.admin.controller.php
@@ -396,6 +396,7 @@ class memberAdminController extends member
 		$all_args = Context::getRequestVars();
 
 		$args->limit_day = (int)$args->limit_day;
+		$args->limit_day_description = escape(trim(utf8_clean($args->limit_day_description)));
 		if($args->emailhost_check != 'allowed' && $args->emailhost_check != 'prohibited') $args->emailhost_check == 'allowed';
 
 		$args->special_phone_number = preg_replace('/[^0-9]/', '', $args->special_phone_number);