Fixed output of "cmd" parameter

(cherry picked from commit 2106df4)
ILIAS-eLearning · Apr 24, 2017 · c0f326d · c0f326d · floriankunushevci · Apr 24, 2017
1 parent a027066
commit c0f326d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/setup/classes/class.ilSetupGUI.php b/setup/classes/class.ilSetupGUI.php
@@ -596,7 +596,7 @@ function displayHeader()
 			}
 		}
 
-		$this->tpl->setVariable("VAL_CMD", $_GET["cmd"]);
+		$this->tpl->setVariable("VAL_CMD", htmlspecialchars($_GET["cmd"]));
 		$this->tpl->setVariable("TXT_OK",$this->lng->txt("change"));
 		$this->tpl->setVariable("TXT_CHOOSE_LANGUAGE",$this->lng->txt("choose_language"));
 		$this->tpl->setVariable("PAGETITLE","Setup");