From 43753ec1133e1078f87cd609da008db9e935e998 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Mon, 18 Mar 2019 12:19:24 +0000
Subject: ENT_COMPAT will only take care of double-quotes. Use double-quotes
 here to prevent XSS

(cherry picked from commit a086745ec021add5638a0527d4e8e14835591e93)
---
 Zotlabs/Module/Viewconnections.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Zotlabs/Module/Viewconnections.php')

diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php
index 0a5e86907..14a5ccb86 100644
--- a/Zotlabs/Module/Viewconnections.php
+++ b/Zotlabs/Module/Viewconnections.php
@@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '";</script>';
 			$tpl = get_markup_template("viewcontact_template.tpl");
 			$o .= replace_macros($tpl, array(
 				'$title' => t('View Connections'),
-- 
cgit v1.2.3