login.php: Escape quotes in the referer field
diff mbox

Message ID 20171105103531.29729-1-lfleischer@archlinux.org
State Accepted, archived
Headers show

Commit Message

Lukas Fleischer Nov. 5, 2017, 10:35 a.m. UTC
Replace special characters in the referer GET parameter using
htmlspecialchars() before inserting it into the login form fields to
prevent from XSS attacks.

Fixes FS#55286.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 web/html/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch
diff mbox

diff --git a/web/html/login.php b/web/html/login.php
index a55ce05..df51705 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -41,7 +41,7 @@  html_header('AUR ' . __("Login"));
 				<input type="submit" class="button" value="<?php  print __("Login"); ?>" />
 				<a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
 				<?php if (in_request('referer') !== ""): ?>
-				<input id="id_referer" type="hidden" name="referer" value="<?= in_request('referer') ?>" />
+				<input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars(in_request('referer'), ENT_QUOTES) ?>" />
 				<?php elseif (isset($_SERVER['HTTP_REFERER'])): ?>
 				<input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) ?>" />
 				<?php endif; ?>