XSS fix (Debian bug 726976)

2013-10-21 16:39:28 +00:00 · 2013-10-21 16:39:28 +00:00 · eafde7b331
parent c5bed144c0
commit eafde7b331
1 changed files with 1 additions and 1 deletions
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@ -71,7 +71,7 @@ if (isset($_GET['useProfile'])) {

 // save last selected language
 if (isset($_POST['language'])) {
-	setcookie('lam_last_language', $_POST['language'], time() + 365*60*60*24);
+	setcookie('lam_last_language', htmlspecialchars($_POST['language']), time() + 365*60*60*24);
 }

 // init some session variables