Fix XSS vulnerability in "web/template/header.php".

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2025-02-03 10:43:03 +01:00 · 2011-03-30 17:07:27 +02:00 · 2011-03-30 17:07:27 +02:00 · 0a625ae8ff
commit 0a625ae8ff
parent 746c2b72b5
1 changed files with 2 additions and 2 deletions
--- a/web/template/header.php
+++ b/web/template/header.php
@ -51,8 +51,8 @@
 reset($SUPPORTED_LANGS);
 foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
        print '<a href="'
-                . $_SERVER["PHP_SELF"]."?setlang=$lang\""
-		. " title=\"$lang_name\">"
+		. htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)
+		."?setlang=$lang\" title=\"$lang_name\">"
 		. strtolower($lang) . "</a>\n";
 }
 ?>