cleaning REQUEST_URI for good measure
elrido committed Jul 18, 2016
1 parent e1d6db8 commit e7dde4d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion lib/privatebin.php
Expand Up @@ -176,7 +176,8 @@ private function _init()
$this->_conf = new configuration;
$this->_model = new model($this->_conf);
$this->_request = new request;
$this->_urlbase = array_key_exists('REQUEST_URI', $_SERVER) ? $_SERVER['REQUEST_URI'] : '/';
$this->_urlbase = array_key_exists('REQUEST_URI', $_SERVER) ?
htmlspecialchars($_SERVER['REQUEST_URI']) : '/';

// set default language
$lang = $this->_conf->getKey('languagedefault');
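Review bot: the htmlspecialchars() call on the added line passes no flags or charset, so on PHP versions before 8.1 it runs with ENT_COMPAT and leaves single quotes unescaped; if $this->_urlbase is ever written into a single-quoted attribute, the value can still close that attribute. Suggest htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'). Escaping here in _init() also means $this->_urlbase holds the HTML-encoded form from now on, so any later use outside HTML receives &amp; in place of &, and a template that escapes on output would double-encode it; consider storing the raw value and escaping at the point where it is written into the page.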

2 comments on commit e7dde4d

@rugk rugk commented on e7dde4d Jul 18, 2016

Hmm. I think this is a URL, is it not? So would urlencode not be more suitable?

@rugk rugk commented on e7dde4d Jul 18, 2016

Okay, possibly htmlspecialchars is indeed useful, as the output is finally shown to the user in an HTML document.