Merge branch 'dev' into containers

author: Mario Vavti <mario@mariovavti.com> 2024-10-30 12:50:08 +0100
committer: Mario Vavti <mario@mariovavti.com> 2024-10-30 12:50:08 +0100
commit: 005d4ad35143e417b7c1dbfbf38417dee03e9608 (patch)
tree: 26ca21abd63168b3ddbd0f963f6f2473ac11eeab /Zotlabs/Web/WebServer.php
parent: 68135c28da286bb23978f6181c46edf56c37b06e (diff)
parent: 90a1dad02c24dcb3bc629e198ad24adc0b7566d3 (diff)
download: volse-hubzilla-005d4ad35143e417b7c1dbfbf38417dee03e9608.tar.gz
volse-hubzilla-005d4ad35143e417b7c1dbfbf38417dee03e9608.tar.bz2
volse-hubzilla-005d4ad35143e417b7c1dbfbf38417dee03e9608.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index 6f8a4b956..19f14ee8a 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -2,6 +2,8 @@
 
 namespace Zotlabs\Web;
 
+use Zotlabs\Lib\Text;
+
 class WebServer {
 
 	public function run() {
@@ -60,7 +62,7 @@ class WebServer {
 			\App::$query_string = strip_zids(\App::$query_string);
 			if(! local_channel()) {
 				if (!isset($_SESSION['my_address']) || $_SESSION['my_address'] != $_GET['zid']) {
-					$_SESSION['my_address'] = $_GET['zid'];
+					$_SESSION['my_address'] = Text::escape_tags($_GET['zid']);
 					$_SESSION['authenticated'] = 0;
 				}
 				if(!$_SESSION['authenticated']) {
author	Mario Vavti <mario@mariovavti.com>	2024-10-30 12:50:08 +0100
committer	Mario Vavti <mario@mariovavti.com>	2024-10-30 12:50:08 +0100
commit	005d4ad35143e417b7c1dbfbf38417dee03e9608 (patch)
tree	26ca21abd63168b3ddbd0f963f6f2473ac11eeab /Zotlabs/Web/WebServer.php
parent	68135c28da286bb23978f6181c46edf56c37b06e (diff)
parent	90a1dad02c24dcb3bc629e198ad24adc0b7566d3 (diff)
download	volse-hubzilla-005d4ad35143e417b7c1dbfbf38417dee03e9608.tar.gz volse-hubzilla-005d4ad35143e417b7c1dbfbf38417dee03e9608.tar.bz2 volse-hubzilla-005d4ad35143e417b7c1dbfbf38417dee03e9608.zip