Security: apply attr_on_filter when send message by social network

Author: AngelFQC

main/inc/ajax/message.ajax.php

@@ -47,6 +47,7 @@
 
         $subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : null;
         $messageContent = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : null;
+        $messageContent = attr_on_filter($messageContent);
 
         if (empty($subject) || empty($messageContent)) {
             echo Display::return_message(get_lang('ErrorSendingMessage'), 'error');