summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-03-30 17:07:27 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-03-30 17:07:27 +0200
commit0a625ae8ff737f471ee4e29853ba57db20352b1a (patch)
tree188133120c72e3cbfb91788bd30147c383ce9b0d
parent746c2b72b541865431d88af7a99df29c472a297c (diff)
Fix XSS vulnerability in "web/template/header.php".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--web/template/header.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/web/template/header.php b/web/template/header.php
index 4939b57..0f0e362 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -51,8 +51,8 @@
reset($SUPPORTED_LANGS);
foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
print '<a href="'
- . $_SERVER["PHP_SELF"]."?setlang=$lang\""
- . " title=\"$lang_name\">"
+ . htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)
+ ."?setlang=$lang\" title=\"$lang_name\">"
. strtolower($lang) . "</a>\n";
}
?>