Special characters should be escaped

2016-09-23 06:29:02 +00:00 · 2016-09-23 06:29:02 +00:00 · 3f35fed35a
commit 3f35fed35a
parent 4948460232
3 changed files with 4 additions and 4 deletions
--- a/view/theme/frio/php/default.php
+++ b/view/theme/frio/php/default.php
@ -17,7 +17,7 @@
 <html>
 <head>
 	<title><?php if(x($page,'title')) echo $page['title'] ?></title>
-	<meta request="<?php echo $_REQUEST['pagename'] ?> ">
+	<meta request="<?php echo htmlspecialchars($_REQUEST['pagename']) ?> ">
 	<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script>
 	<script>var frio="<?php echo "view/theme/frio"; ?>";</script>
 	<?php $baseurl = $a->get_baseurl(); ?>
--- a/view/theme/frio/php/standard.php
+++ b/view/theme/frio/php/standard.php
@ -11,7 +11,7 @@
 <head>
 	<title><?php if(x($page,'title')) echo $page['title'] ?></title>
 	<meta name="viewport" content="initial-scale=1.0">
-	<meta request="<?php echo $_REQUEST['pagename'] ?> ">
+	<meta request="<?php echo htmlspecialchars($_REQUEST['pagename']) ?> ">
 	<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script>
 	<script>var frio="<?php echo "view/theme/frio"; ?>";</script>
 	<?php $baseurl = $a->get_baseurl(); ?>