From 249f26eb5219b5d33873d09a224ad656be74bc87 Mon Sep 17 00:00:00 2001
From: Martin Monperrus
Date: Mon, 15 Jan 2018 10:07:07 +0100
Subject: [PATCH] fix XSS pointed by user
---
bibtexbrowser.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bibtexbrowser.php b/bibtexbrowser.php
index fc1dd03..613de6d 100755
--- a/bibtexbrowser.php
+++ b/bibtexbrowser.php
@@ -4748,7 +4748,7 @@ class Dispatcher {
- You are browsing <?php echo $_GET[Q_FILE]; ?> with bibtexbrowser
+ You are browsing <?php echo htmlentities($_GET[Q_FILE], ENT_QUOTES); ?> with bibtexbrowser
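Review bot: The new `htmlentities($_GET[Q_FILE], ENT_QUOTES)` call leaves the character set implicit, so which byte sequences count as valid depends on the PHP version and the `default_charset` setting rather than on the encoding this page is actually served in. I would name the encoding and add `ENT_SUBSTITUTE`, so an ill-formed sequence is replaced instead of the whole string coming back empty: `htmlspecialchars($_GET[Q_FILE], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, assuming the page is emitted as UTF-8. `$_GET[Q_FILE]` can also arrive as an array rather than a string, which the escaping function does not accept, so an `is_string()` check before the echo is worth adding. The patch covers this one echo only; the rest of `Dispatcher` lies outside the hunk, so whether other places that print request parameters are escaped cannot be confirmed from here and should be checked in the same pass.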