From 7286a34d287f3150a58aa9e7d381637175ed1ef9 Mon Sep 17 00:00:00 2001
From: John Crisp
Date: Sat, 22 Feb 2020 15:01:56 +0100
Subject: [PATCH] Fix potential XSS
---
 include/common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/common.php b/include/common.php
index fa5b367..bb403cf 100644
--- a/include/common.php
+++ b/include/common.php
@@ -7,7 +7,7 @@ if (isset($_SERVER['PHP_AUTH_USER']))
 else
 $PHPki_user = md5('default');
-$PHP_SELF = $_SERVER['PHP_SELF'];
+$PHP_SELF = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, "utf-8");
 function printHeader($withmenu="default") {
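Review bot: Escaping `$_SERVER['PHP_SELF']` once at the global assignment makes `$PHP_SELF` safe only where it is later written into HTML text or a quoted attribute. The uses of `$PHP_SELF` are outside this hunk, so any that reach a `header()` call, a URL parameter or a script block would need their own context-specific encoding and should be checked. The request-controlled part of `PHP_SELF` is the trailing path info, so if the pages do not rely on it, removing that input is stronger than encoding it: `$PHP_SELF = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. A comment on the line such as `// HTML-escaped here: emit only in HTML text or quoted attributes, do not escape again` would record the contract for later callers.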