From 6f66195ffd2c19d4af9818a33fa24c14153bc625 Mon Sep 17 00:00:00 2001
From: John Kasper Svergja
Date: Sun, 12 Mar 2023 18:31:07 +0100
Subject: [PATCH] Fix XSS where SelfPath is used Solves #27
---
 src/include/helper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/include/helper.php b/src/include/helper.php
index adb40c1..36eb639 100644
--- a/src/include/helper.php
+++ b/src/include/helper.php
@@ -116,7 +116,7 @@ public static function ServerPath($path)
 */
 public static function SelfPath()
 {
- return ROOT_URL . $_SERVER['PHP_SELF'];
+ return ROOT_URL . Hsc($_SERVER['PHP_SELF']);
 }
 /**
 * Creates a rooted path on the local machine e g c:\inetpub\wwwroot\subdir/index.php.
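Review bot: Escaping inside `SelfPath()` makes the return value correct only for HTML contexts: `Hsc($_SERVER['PHP_SELF'])` hands callers an already-encoded string, so a caller that puts it in a `Location:` header or escapes it again on output gets a mangled URL, and whether it is safe inside a single-quoted attribute depends on the flags `Hsc` passes, which are not visible here. `PHP_SELF` also carries any client-supplied path info after the script name, so if the application does not rely on that part, `return ROOT_URL . Hsc($_SERVER['SCRIPT_NAME']);` drops the untrusted portion instead of only encoding it. The docblock above the method starts outside this hunk; it should state the new contract, e.g. `@return string HTML-escaped URL of the current script; do not escape again or use in HTTP headers`.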