From d5313eb726177e33ed11dae03589da283fca11f6 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Mon, 18 Mar 2019 10:55:52 +0100 Subject: init.php: clean up $_GET, $_SERVER["REQUEST_URI"] and $_SERVER["QUERY_STRING"] against xss --- init.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/init.php b/init.php index 6c8a8f4..1a978ff 100644 --- a/init.php +++ b/init.php @@ -1,2 +1,25 @@ $val) { + $old = ''; + while ($old != $_GET[$key]) { + $old = $_GET[$key]; + $_GET[$key] = urldecode($_GET[$key]); + } + $_GET[$key] = htmlentities($_GET[$key]); +} -- cgit v1.2.3-70-g09d2