Fix XSS in account_prof_edit_page.php

Fixes #27853
mantisbt · Jan 8, 2021 · e512b3d · e512b3d
1 parent 2eb6614
commit e512b3d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/account_prof_edit_page.php b/account_prof_edit_page.php
@@ -96,7 +96,7 @@
 		<?php  echo form_security_field( 'account_prof_update' )?>
 		<input type="hidden" name="action" value="update" />
 		<input type="hidden" name="profile_id" value="<?php echo $v_id ?>" />
-		<input type="hidden" name="redirect" value="<?php echo $f_redirect_page ?>" />
+		<input type="hidden" name="redirect" value="<?php echo string_attribute( $f_redirect_page ) ?>" />
 
 		<div class="widget-box widget-color-blue2">