From 45463333426e30728d8ffee382491713d420671f Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Tue, 16 Aug 2011 17:14:49 +0000
Subject: [PATCH] XSS fix
---
 lam/templates/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lam/templates/login.php b/lam/templates/login.php
index b276344e..001b8413 100644
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@@ -249,7 +249,7 @@ function display_LoginPage($config_object) {
 }
 // check if self service was saved
 if (isset($_GET['selfserviceSaveOk'])) {
- StatusMessage("INFO", _("Your settings were successfully saved."), $_GET['selfserviceSaveOk']);
+ StatusMessage("INFO", _("Your settings were successfully saved."), htmlspecialchars($_GET['selfserviceSaveOk']));
 echo "
";
 }
 ?>
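Review bot: The escaping added on the StatusMessage line relies on htmlspecialchars() defaults, which leave single quotes unescaped and take the charset from the PHP version rather than from the page; StatusMessage() is not visible here, so whether its third argument can end up inside a quoted attribute cannot be confirmed from this hunk. Passing the flags explicitly removes the doubt: `htmlspecialchars($_GET['selfserviceSaveOk'], ENT_QUOTES, 'UTF-8')` (charset assumed; use the one the page declares). The value is also still request-supplied text displayed inside a success message on the login page, and an array-valued parameter reaches htmlspecialchars() as a non-string, so the guard would be stronger as `if (isset($_GET['selfserviceSaveOk']) && is_string($_GET['selfserviceSaveOk'])) {`, ideally checked against the set of values the self-service save can actually produce. display_LoginPage() starts and ends outside the hunk.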