Fix XSS vulnerability in "web/template/header.php".

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
author: Lukas Fleischer <archlinux@cryptocrack.de> 2011-03-30 17:07:27 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2011-03-30 17:07:27 +0200
commit: 0a625ae8ff737f471ee4e29853ba57db20352b1a (patch)
tree: 188133120c72e3cbfb91788bd30147c383ce9b0d /web
parent: 746c2b72b541865431d88af7a99df29c472a297c (diff)
download: aur-0a625ae8ff737f471ee4e29853ba57db20352b1a.tar.gz
aur-0a625ae8ff737f471ee4e29853ba57db20352b1a.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/web/template/header.php b/web/template/header.php
index 4939b574..0f0e362f 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -51,8 +51,8 @@
 reset($SUPPORTED_LANGS);
 foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
         print '<a href="'
-                . $_SERVER["PHP_SELF"]."?setlang=$lang\""
-		. " title=\"$lang_name\">"
+		. htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)
+		."?setlang=$lang\" title=\"$lang_name\">"
 		. strtolower($lang) . "</a>\n";
 }
 ?>
author	Lukas Fleischer <archlinux@cryptocrack.de>	2011-03-30 17:07:27 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2011-03-30 17:07:27 +0200
commit	0a625ae8ff737f471ee4e29853ba57db20352b1a (patch)
tree	188133120c72e3cbfb91788bd30147c383ce9b0d /web
parent	746c2b72b541865431d88af7a99df29c472a297c (diff)
download	aur-0a625ae8ff737f471ee4e29853ba57db20352b1a.tar.gz aur-0a625ae8ff737f471ee4e29853ba57db20352b1a.tar.xz