From dd497d93c60746f294a3e9fa5186248c59b3defd Mon Sep 17 00:00:00 2001
From: Amine Ben hammou
Date: Mon, 18 Mar 2019 17:54:27 +0100
Subject: [PATCH] Filter flags values before saving them
---
 lib/API/JSON/v1/UserFlags.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/API/JSON/v1/UserFlags.php b/lib/API/JSON/v1/UserFlags.php
index bd808485d7..f0d60f72f5 100644
--- a/lib/API/JSON/v1/UserFlags.php
+++ b/lib/API/JSON/v1/UserFlags.php
@@ -33,6 +33,7 @@ class UserFlags extends APIEndpoint {
 ));
 } else {
 foreach ($flags as $name => $value) {
+ $value = htmlspecialchars($value);
 $this->user_flags->set($name, $value);
 }
 return $this->successResponse([]);
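Review bot: The added `$value = htmlspecialchars($value);` inside the `foreach` HTML-encodes flag values when they are stored, not when they are rendered, so the stored data is tied to a single output context and `$name` still reaches `set()` unfiltered. A consumer that places a flag in a JavaScript, URL or single-quoted attribute context is not covered (before PHP 8.1 the default flags leave `'` unescaped), and a consumer that escapes again on output will double-encode. If flags arrive as decoded JSON, which the visible lines do not confirm, a bool or int is silently turned into a string and an array makes `htmlspecialchars()` warn and return null, so the saved type presumably changes. I would validate the shape on input (reject non-scalar values and unexpected flag names) and escape where the flag is printed; if encoding at save time is kept, make it explicit with `htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The enclosing method starts and ends outside this hunk, so any earlier validation of `$flags` is not visible here.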