From eafde7b331667b5814d0691e12235a13c2a119da Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Mon, 21 Oct 2013 16:39:28 +0000
Subject: [PATCH] XSS fix (Debian bug 726976)
---
 lam/templates/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lam/templates/login.php b/lam/templates/login.php
index b438a9e9..50fa5c4f 100644
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@@ -71,7 +71,7 @@ if (isset($_GET['useProfile'])) {
 // save last selected language
 if (isset($_POST['language'])) {
- setcookie('lam_last_language', $_POST['language'], time() + 365*60*60*24);
+ setcookie('lam_last_language', htmlspecialchars($_POST['language']), time() + 365*60*60*24);
 }
 // init some session variables
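Review bot: The added `htmlspecialchars()` on the `setcookie` line encodes the value only when it is stored, but the cookie comes back from the browser as client-controlled data, so whatever later reads `lam_last_language` and writes it into the page still has to escape or validate it; that reader is not in this hunk, so it is worth confirming. Called without flags on PHP versions before 8.1, the function also leaves single quotes unescaped, which matters if the value ends up inside a single-quoted attribute. I would pass the flags explicitly, `htmlspecialchars($_POST['language'], ENT_QUOTES, 'UTF-8')`, and preferably store the value only after checking it against the list of configured languages. The surrounding script continues outside the hunk.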