From c23ca0574ec1149993476632ffd66643aec6aac2 Mon Sep 17 00:00:00 2001
From: Jyri-Petteri Paloposki
Date: Thu, 25 Jul 2024 14:53:04 +0300
Subject: [PATCH] Fix reflected XSS vulnerability on the stats page
---
 app/views/stats/show_selection_from_chart.html.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/views/stats/show_selection_from_chart.html.erb b/app/views/stats/show_selection_from_chart.html.erb
index 29e9dfdb..abe7f04b 100644
--- a/app/views/stats/show_selection_from_chart.html.erb
+++ b/app/views/stats/show_selection_from_chart.html.erb
@@ -4,8 +4,8 @@ unless @further -%>
 <%= raw t('stats.click_to_show_actions_from_week',
- :link => link_to("here", show_actions_from_chart_path(:id=>"#{params[:id]}_end", :index => params[:index])),
- :week => params[:index])
+ :link => link_to("here", show_actions_from_chart_path(:id=>"#{params[:id].to_i}_end", :index => params[:index].to_i)),
+ :week => params[:index].to_i)
 -%>
 <% end
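Review bot: `params[:id].to_i` on the new `:link` line may break the link rather than just sanitise it: the id is interpolated as `"#{...}_end"`, which suggests a string identifier, and if the controller expects a chart name there (not visible in this hunk) every non-numeric id collapses to `0_end`. The value that reaches the `raw t(...)` output unescaped is `:week`, so `.to_i` on `params[:index]` covers that sink; for the id, the path helper and `link_to` already encode the value, so I would keep `:id=>"#{params[:id]}_end"` and check the id against the known set in the controller instead. Longer term, an `_html`-suffixed translation key rendered without `raw` lets Rails escape the interpolated values itself, so the view no longer depends on each call site coercing its input. The `unless @further` block opens above this hunk, so whether `@further` is derived from request input cannot be judged from here.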