blob: 9c270bbc4582d36a0134710d2e03c53e5c87e94d (
plain)
1
2
3
4
5
6
7
8
9
10
11
|
--- orig/include/setup.php 2016-02-19 16:02:05.674756241 +0100
+++ new/include/setup.php 2016-02-19 16:02:10.166832543 +0100
@@ -467,7 +467,7 @@
$vars['validationurl'] = getFullURL($_SERVER['SCRIPT_NAME']).'?'.buildQuery($queryParams + array('template' => $template, 'language' => $language), '%26');
// To avoid a possible XSS exploit, need to clean up the passed-in path first
-$path = !empty($_REQUEST['path']) ? $_REQUEST['path'] : null;
+$path = !empty($_REQUEST['path']) ? escape($_REQUEST['path']) : null;
if ($path === null || $path === '')
$path = '/';
$vars['safepath'] = escape($path);
|