aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web/WebServer.php
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2024-10-30 09:12:26 +0000
committerMario <mario@mariovavti.com>2024-10-30 09:12:26 +0000
commit0207c024201eec8d3fe83d4151f8cb5165e28886 (patch)
treee2486603086c07429a65742b58790a6e48e3d4eb /Zotlabs/Web/WebServer.php
parent274bfa9024e2886bb32c79f5939726687fb1ade4 (diff)
downloadvolse-hubzilla-0207c024201eec8d3fe83d4151f8cb5165e28886.tar.gz
volse-hubzilla-0207c024201eec8d3fe83d4151f8cb5165e28886.tar.bz2
volse-hubzilla-0207c024201eec8d3fe83d4151f8cb5165e28886.zip
escape the zid parameter - issue #1877
Diffstat (limited to 'Zotlabs/Web/WebServer.php')
-rw-r--r--Zotlabs/Web/WebServer.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index 6f8a4b956..19f14ee8a 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -2,6 +2,8 @@
namespace Zotlabs\Web;
+use Zotlabs\Lib\Text;
+
class WebServer {
public function run() {
@@ -60,7 +62,7 @@ class WebServer {
\App::$query_string = strip_zids(\App::$query_string);
if(! local_channel()) {
if (!isset($_SESSION['my_address']) || $_SESSION['my_address'] != $_GET['zid']) {
- $_SESSION['my_address'] = $_GET['zid'];
+ $_SESSION['my_address'] = Text::escape_tags($_GET['zid']);
$_SESSION['authenticated'] = 0;
}
if(!$_SESSION['authenticated']) {