gnucash-htdocs master: Fix reflected XSS.
John Ralls
jralls at code.gnucash.org
Tue Aug 10 17:15:56 EDT 2021
Updated via https://github.com/Gnucash/gnucash-htdocs/commit/1acd86cc (commit)
from https://github.com/Gnucash/gnucash-htdocs/commit/9e7cebe5 (commit)
commit 1acd86cc993c9220d60d5ce472759467ef1e0628
Author: John Ralls <jralls at ceridwen.us>
Date: Tue Aug 10 14:11:44 2021 -0700
Fix reflected XSS.
diff --git a/externals/header.phtml b/externals/header.phtml
index ce9a5e6..7394899 100644
--- a/externals/header.phtml
+++ b/externals/header.phtml
@@ -63,7 +63,7 @@
?>
<meta property="og:title" content="<?=$full_title?>"/>
<meta property="og:type" content="website"/>
- <meta property="og:url" content="<?=\DEFAULT_URL.$page?>"/>
+ <meta property="og:url" content="<?=\DEFAULT_URL.filter_var($page, FILTER_SANITIZE_URL)?>"/>
<meta property="og:image" content="<?=\DEFAULT_URL."externals/logo_w120.png"?>"/>
<meta property="og:site_name" content="GnuCash"/>
<meta property="og:description" content="<?=strip_tags($description)?>"/>
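Review bot: On the added og:url line, FILTER_SANITIZE_URL is a character filter, not an HTML output encoder: per the PHP documentation its allowed set still includes the double quote, `<` and `>`, so a value in $page can still terminate the content="..." attribute. Encode for the attribute context at the point of output, for example `htmlspecialchars($page, ENT_QUOTES, 'UTF-8')`, applied after the URL filter if you want to keep that as well. The unchanged context lines have the same shape: $full_title is echoed into content="..." without encoding, and strip_tags($description) removes tags but leaves double quotes in place, so both deserve the same htmlspecialchars treatment if either can carry request-derived data.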
Summary of changes:
externals/header.phtml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)