Replace special characters in the referer GET parameter using
htmlspecialchars() before inserting it into the login form fields to
prevent XSS attacks.

Fixes FS#55286.

Signed-off-by: Lukas Fleischer <[email protected]>
---
 web/html/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/html/login.php b/web/html/login.php
index a55ce05..df51705 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -41,7 +41,7 @@ html_header('AUR ' . __("Login"));
                                <input type="submit" class="button" 
value="<?php  print __("Login"); ?>" />
                                <a href="<?= get_uri('/passreset/') ?>">[<?= 
__('Forgot Password') ?>]</a>
                                <?php if (in_request('referer') !== ""): ?>
-                               <input id="id_referer" type="hidden" 
name="referer" value="<?= in_request('referer') ?>" />
+                               <input id="id_referer" type="hidden" 
name="referer" value="<?= htmlspecialchars(in_request('referer'), ENT_QUOTES) 
?>" />
                                <?php elseif (isset($_SERVER['HTTP_REFERER'])): 
?>
                                <input id="id_referer" type="hidden" 
name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], 
ENT_QUOTES) ?>" />
                                <?php endif; ?>
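Review bot: The hidden `referer` field still round-trips a caller-supplied URL with no restriction on where it points; the added `htmlspecialchars()` call only covers the HTML-attribute context. If the login handler later redirects to the posted `referer` (that code is not visible in this hunk), it should accept only same-site targets, otherwise the field can still act as an open redirect. Both `htmlspecialchars()` calls also rely on the configured default charset; passing it explicitly, e.g. `htmlspecialchars(in_request('referer'), ENT_QUOTES, 'UTF-8')`, keeps the escaping independent of the PHP configuration. The template continues outside the hunk on both sides.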
-- 
2.15.0
