diff options
author | Mario Vavti <mario@mariovavti.com> | 2019-03-18 13:19:24 +0100 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2019-03-18 13:19:24 +0100 |
commit | a086745ec021add5638a0527d4e8e14835591e93 (patch) | |
tree | 092c099bf6c9f150bc88f966a824dd6b64cf694e /Zotlabs/Module/Connections.php | |
parent | 51156d058232969d55032f045859e46bb3a09162 (diff) | |
download | volse-hubzilla-a086745ec021add5638a0527d4e8e14835591e93.tar.gz volse-hubzilla-a086745ec021add5638a0527d4e8e14835591e93.tar.bz2 volse-hubzilla-a086745ec021add5638a0527d4e8e14835591e93.zip |
ENT_COMPAT will only take care of double-quotes. Use double-quotes here to prevent XSS
Diffstat (limited to 'Zotlabs/Module/Connections.php')
-rw-r--r-- | Zotlabs/Module/Connections.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 967e9521d..8e3730875 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -329,7 +329,7 @@ class Connections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>'; $o .= replace_macros(get_markup_template('connections.tpl'),array( '$header' => t('Connections') . (($head) ? ': ' . $head : ''), '$tabs' => $tabs, |