Commit d6e07d3e authored by Gary Wong

Run $REQUEST_URI through htmlentities() before including it in our output.

This ought to stop us getting bugged about one cross-site scripting
vulnerability.
parent 3614401f
......@@ -31,7 +31,7 @@ RequiredPageArguments();
#
PAGEHEADER("Non Existent Page!");
USERERROR("The URL you gave: <b>$REQUEST_URI</b>
USERERROR("The URL you gave: <b>" . htmlentities( $REQUEST_URI ) . "</b>
is not available or is broken.", 1);
#
......
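Review bot: htmlentities( $REQUEST_URI ) on the new USERERROR line is called without a flags or encoding argument, so which quote characters are encoded and which character set is assumed depend on the PHP version's defaults. The value is placed in element content between <b> and </b>, where encoding <, > and & is what matters, so the call covers this output; passing ENT_QUOTES and an explicit encoding would keep it safe if the string is later reused inside an attribute. The commit message speaks of one vulnerability, so it is worth checking whether $REQUEST_URI is written into output unescaped anywhere else.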