diff options
author | Mario <mario@mariovavti.com> | 2024-10-30 09:12:26 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2024-10-30 09:12:26 +0000 |
commit | 0207c024201eec8d3fe83d4151f8cb5165e28886 (patch) | |
tree | e2486603086c07429a65742b58790a6e48e3d4eb /Zotlabs/Web/WebServer.php | |
parent | 274bfa9024e2886bb32c79f5939726687fb1ade4 (diff) | |
download | volse-hubzilla-0207c024201eec8d3fe83d4151f8cb5165e28886.tar.gz volse-hubzilla-0207c024201eec8d3fe83d4151f8cb5165e28886.tar.bz2 volse-hubzilla-0207c024201eec8d3fe83d4151f8cb5165e28886.zip |
escape the zid parameter - issue #1877
Diffstat (limited to 'Zotlabs/Web/WebServer.php')
-rw-r--r-- | Zotlabs/Web/WebServer.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 6f8a4b956..19f14ee8a 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -2,6 +2,8 @@ namespace Zotlabs\Web; +use Zotlabs\Lib\Text; + class WebServer { public function run() { @@ -60,7 +62,7 @@ class WebServer { \App::$query_string = strip_zids(\App::$query_string); if(! local_channel()) { if (!isset($_SESSION['my_address']) || $_SESSION['my_address'] != $_GET['zid']) { - $_SESSION['my_address'] = $_GET['zid']; + $_SESSION['my_address'] = Text::escape_tags($_GET['zid']); $_SESSION['authenticated'] = 0; } if(!$_SESSION['authenticated']) { |