authorLukas Fleischer <lfleischer@archlinux.org>2017-11-05 11:27:36 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2017-11-05 11:28:11 +0100
commite2fa5ea6fa0bf90043e041c7cfc6fa036834758c (patch)
tree08bd2f9d789a4c8c03982f7f669cd046e131cae8
parent4efba18f8688431fae58ae1b826b80f95957aec8 (diff)
downloadaur-e2fa5ea6fa0bf90043e041c7cfc6fa036834758c.tar.gz
aur-e2fa5ea6fa0bf90043e041c7cfc6fa036834758c.zip
login.php: Escape quotes in the referer field
Replace special characters in the referer GET parameter using htmlspecialchars() before inserting it into the login form fields to prevent XSS attacks. Fixes FS#55286. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r--web/html/login.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/html/login.php b/web/html/login.php
index a55ce05..df51705 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -41,7 +41,7 @@ html_header('AUR ' . __("Login"));
<input type="submit" class="button" value="<?php print __("Login"); ?>" />
<a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
<?php if (in_request('referer') !== ""): ?>
- <input id="id_referer" type="hidden" name="referer" value="<?= in_request('referer') ?>" />
+ <input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars(in_request('referer'), ENT_QUOTES) ?>" />
<?php elseif (isset($_SERVER['HTTP_REFERER'])): ?>
<input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) ?>" />
<?php endif; ?>
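Review bot: The value written into `id_referer` is still request-controlled after this change, because `htmlspecialchars(..., ENT_QUOTES)` only makes it safe inside the HTML attribute and does nothing about where it points. The code that consumes the posted `referer` is outside this hunk; if it redirects to that value after login, it should accept only same-site targets, and this applies equally to the `$_SERVER['HTTP_REFERER']` branch two lines below. I would record that at the field with a template comment such as `<?php /* referer is request-controlled: escaped for the attribute here, validate before using it as a redirect target */ ?>`. As a smaller point, passing the charset explicitly, `htmlspecialchars(in_request('referer'), ENT_QUOTES, 'UTF-8')`, keeps the escaping independent of the server's `default_charset` setting. The enclosing form starts before the hunk, so the rest of the login fields are not reviewed here.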