Commit cb92507

author
Mikael Falkvidd
committed
Plug potential XSS hole in views/template.php

REQUEST_URI needs to be sanitized if used. Since we want to refresh to the same page there is no need to set the URI.

Signed-off-by: Mikael Falkvidd <mfalkvidd@op5.com>
1 parent e4a1976 commit cb92507

1 file changed

+1
-1
lines changed

Diff for: share/pnp/application/views/template.php

+1-1
@@ -4,7 +4,7 @@
44
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
55
<head>
66
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7-
<meta http-equiv="refresh" content="<?php echo $this->config->conf['refresh'] ?>; url=<?php echo $_SERVER['REQUEST_URI'] ?>" />
7+
<meta http-equiv="refresh" content="<?php echo $this->config->conf['refresh'] ?>" />
88
<title><?php if (isset($this->title)) echo html::specialchars($this->title) ?></title>
99
<?php echo html::stylesheet('media/css/common.css') ?>
1010
<?php echo html::stylesheet('media/css/imgareaselect-default.css') ?>
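Review bot: On the new line 7, `$this->config->conf['refresh']` is still echoed into the `content` attribute with no escaping or type check, while the `<title>` on line 8 goes through `html::specialchars()`. Dropping `url=<?php echo $_SERVER['REQUEST_URI'] ?>` removes the request-controlled value from the tag, and a refresh with no URL reloads the current document, so the behaviour described in the commit message is preserved. To keep the attribute safe regardless of where the config value comes from, cast it to a number, for example `<?php echo (int) $this->config->conf['refresh'] ?>`, or wrap it in `html::specialchars()` to match the neighbouring line.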
