From 2d59cd8384017adca799f5323c92015994ebe6b6 Mon Sep 17 00:00:00 2001
From: aklerza <60571063+aklerza@users.noreply.github.com>
Date: Sat, 12 Oct 2024 16:58:31 +0000
Subject: [PATCH] Fix XSS vulnerability (#134)
---
bibtexbrowser.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bibtexbrowser.php b/bibtexbrowser.php
index 9dfb363..3c611b8 100755
--- a/bibtexbrowser.php
+++ b/bibtexbrowser.php
@@ -296,7 +296,8 @@ function default_message() {
You may browse:
'.$bibfile.'
';
+ $url="?bib=".urlencode($bibfile);
+ echo ''.htmlspecialchars($bibfile, ENT_QUOTES, 'UTF-8').'
';
}
echo "";
}
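Review bot: The added `htmlspecialchars($bibfile, ENT_QUOTES, 'UTF-8')` call passes explicit flags without `ENT_SUBSTITUTE`, so a `$bibfile` value that is not valid UTF-8 makes it return an empty string and the entry is printed with blank text. Using `htmlspecialchars($bibfile, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps the entry visible, with the bad bytes replaced by U+FFFD. The markup around the two added lines is stripped in this rendering, so the context in which `$url` is emitted cannot be confirmed here; if it sits in an `href`, that attribute should be quoted, since the `urlencode()` output covers only the query value. `default_message()` begins before the hunk, so the origin of `$bibfile` is not visible, and any other place in the file that echoes it would need the same escaping.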