From 249f26eb5219b5d33873d09a224ad656be74bc87 Mon Sep 17 00:00:00 2001
From: Martin Monperrus <martin.monperrus@gnieh.org>
Date: Mon, 15 Jan 2018 10:07:07 +0100
Subject: [PATCH] fix XSS pointed by user

---
 bibtexbrowser.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bibtexbrowser.php b/bibtexbrowser.php
index fc1dd03..613de6d 100755
--- a/bibtexbrowser.php
+++ b/bibtexbrowser.php
@@ -4748,7 +4748,7 @@ class Dispatcher {
     <head>
     <meta name="generator" content="bibtexbrowser v__GITHUB__" />
     <meta http-equiv="Content-Type" content="text/html; charset=<?php echo OUTPUT_ENCODING ?>"/>
-    <title>You are browsing <?php echo $_GET[Q_FILE]; ?> with bibtexbrowser</title>
+    <title>You are browsing <?php echo htmlentities($_GET[Q_FILE], ENT_QUOTES); ?> with bibtexbrowser</title>
     </head>
     <frameset cols="15%,*">
     <frame name="menu" src="<?php echo '?'.Q_FILE.'='. urlencode($_GET[Q_FILE]).'&amp;menu'; ?>" />