From c5bed144c00734e4b0524530394e670a1fc6f25e Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Mon, 21 Oct 2013 16:21:38 +0000
Subject: [PATCH] XSS fix (Debian bug 726976)
---
 lam/templates/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lam/templates/login.php b/lam/templates/login.php
index 1b09b596..b438a9e9 100644
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@@ -114,7 +114,7 @@ else {
 $_SESSION['language'] = 'en_GB.utf8:UTF-8:English (Great Britain)';
 }
 if (isset($_POST['language'])) {
- $_SESSION['language'] = $_POST['language']; // Write selected language in session
+ $_SESSION['language'] = htmlspecialchars($_POST['language']); // Write selected language in session
 }
 $current_language = explode(":",$_SESSION['language']);
 $_SESSION['header'] = "\n\n";
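Review bot: The `htmlspecialchars($_POST['language'])` call on the added line relies on the default flags and charset, and before PHP 8.1 those defaults leave single quotes unescaped, so the fix only holds if every later output of the session value sits in a double-quoted or text context. It also encodes at input time, so `$_SESSION['language']` now stores an HTML-encoded string that the `explode(":", ...)` on the next context line splits, and any non-HTML use would receive the encoded form. The value is not checked to be a string either, so an array-valued `language` field reaches `htmlspecialchars()` unchecked. I would tighten the guard to `if (isset($_POST['language']) && is_string($_POST['language'])) {` and the assignment to `$_SESSION['language'] = htmlspecialchars($_POST['language'], ENT_QUOTES, 'UTF-8');`. Better still would be to accept only a value matching one of the languages the login page offers and to escape where the value is printed. Those output sites are outside this hunk, so the contexts involved cannot be confirmed from here.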