summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2017-11-05 11:27:36 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2017-11-05 11:28:11 +0100
commite2fa5ea6fa0bf90043e041c7cfc6fa036834758c (patch)
tree08bd2f9d789a4c8c03982f7f669cd046e131cae8
parent4efba18f8688431fae58ae1b826b80f95957aec8 (diff)
downloadaur-e2fa5ea6fa0bf90043e041c7cfc6fa036834758c.tar.gz
aur-e2fa5ea6fa0bf90043e041c7cfc6fa036834758c.tar.xz
login.php: Escape quotes in the referer field
Replace special characters in the referer GET parameter using htmlspecialchars() before inserting it into the login form fields to prevent from XSS attacks. Fixes FS#55286. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r--web/html/login.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/html/login.php b/web/html/login.php
index a55ce057..df517055 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -41,7 +41,7 @@ html_header('AUR ' . __("Login"));
<input type="submit" class="button" value="<?php print __("Login"); ?>" />
<a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
<?php if (in_request('referer') !== ""): ?>
- <input id="id_referer" type="hidden" name="referer" value="<?= in_request('referer') ?>" />
+ <input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars(in_request('referer'), ENT_QUOTES) ?>" />
<?php elseif (isset($_SERVER['HTTP_REFERER'])): ?>
<input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) ?>" />
<?php endif; ?>