Possible XSS vulnerability #4 reprted by Andy

Possible XSS vulnerability #4 solved according Andy's proposal
Taggic · Mar 17, 2016 · 6052428 · 6052428
1 parent d8a847d
commit 6052428
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/admin.php b/admin.php
@@ -113,7 +113,7 @@ function _html_form(){
         echo         '<div class="box">'.$conf['lang'].'</div>'.NL;
 
         echo         '<label class="formTitle" for="langdelete_w">'.$this->getLang('i_shouldkeep').':</label>';
-        echo         '<input type="text" name="langdelete_w" class="edit" value="'.$_REQUEST['langdelete_w'].'" />'.NL;
+        echo         '<input type="text" name="langdelete_w" class="edit" value="'.hsc($_REQUEST['langdelete_w']).'" />'.NL;
 
         echo         '<label class="formTitle" for="option">'.$this->getLang('i_runoption').':</label>';
         echo         '<div class="box">'.NL;