From a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9 Mon Sep 17 00:00:00 2001
From: dosse91
Date: Mon, 3 Jan 2022 16:30:39 +0100
Subject: [PATCH] Fixed minor vulnerability in stats.php
---
 results/stats.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/results/stats.php b/results/stats.php
index be35a6ea..b8fbee89 100755
--- a/results/stats.php
+++ b/results/stats.php
@@ -86,9 +86,9 @@
 $speedtest = getSpeedtestUserById($_GET['id']);
 $speedtests = [];
 if (false === $speedtest) {
- echo '
There was an error trying to fetch the speedtest result for ID "'.$_GET['id'].'".
';
+ echo '
There was an error trying to fetch the speedtest result for ID "'.htmlspecialchars($_GET['id'], ENT_HTML5, 'UTF-8').'".
';
 } elseif (null === $speedtest) {
- echo '
Could not find a speedtest result for ID "'.$_GET['id'].'".
';
+ echo '
Could not find a speedtest result for ID "'.htmlspecialchars($_GET['id'], ENT_HTML5, 'UTF-8').'".
';
 } else {
 $speedtests = [$speedtest];
 }
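Review bot: Both added `htmlspecialchars()` calls pass `ENT_HTML5` as the only flag, which leaves the quote handling at `ENT_NOQUOTES`, so `"` and `'` from the `id` parameter are still emitted unescaped. That is enough for the element-text position the value appears to occupy in these two messages, but it stops being safe if the same expression is later copied into an attribute value. Without `ENT_SUBSTITUTE`, an ID containing invalid UTF-8 is also rendered as an empty string. I would escape once before the `if` and reuse the result in both branches: `$safeId = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');`. The surrounding block starts and ends outside this hunk, so it is not visible whether `$_GET['id']` is checked with `is_string()` first; a `?id[]=` request would otherwise pass an array to both `getSpeedtestUserById()` and `htmlspecialchars()`.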