diff --git a/src/App/Page.php b/src/App/Page.php
index 37141426c3..6317214b4f 100644
--- a/src/App/Page.php
+++ b/src/App/Page.php
@@ -73,6 +73,8 @@ class Page implements ArrayAccess
 'right_aside' => '',
 'template' => '',
 'title' => '',
+ 'section' => '',
+ 'module' => '',
 ];
 /**
 * @var string The basepath of the page
@@ -509,6 +511,11 @@ class Page implements ArrayAccess
 $page = $this->page;
+ // add and escape some common but crucial content for direct "echo" in HTML (security)
+ $page['title'] = htmlspecialchars($page['title'] ?? '');
+ $page['section'] = htmlspecialchars($args->get(0) ?? 'generic');
+ $page['module'] = htmlspecialchars($args->getModuleName() ?? '');
+ header("X-Friendica-Version: " . App::VERSION);
 header("Content-type: text/html; charset=utf-8");
diff --git a/view/theme/frio/php/default.php b/view/theme/frio/php/default.php
index d0580373e0..0c6dd3934f 100644
--- a/view/theme/frio/php/default.php
+++ b/view/theme/frio/php/default.php
@@ -77,7 +77,7 @@ $is_singleuser_class = $is_singleuser ? "is-singleuser" : "is-not-singleuser"; ?> -
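Review bot: The three `htmlspecialchars()` calls added before the `header()` lines rely on the default flags, which only cover single quotes from PHP 8.1 on; since the comment says these values are meant for direct `echo` in theme HTML, I would pin the behaviour with `htmlspecialchars($args->get(0) ?? 'generic', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and the same arguments for `title` and `module`. `$args->get(0)` looks like the first request path segment, so it is presumably user-controlled; if the theme places it inside a `class` or `id` attribute (the frio markup is not readable here), escaping does not stop whitespace from splitting it into extra tokens, and an allow-list of characters would be tighter. Escaping `$page['title']` in place may also double-encode titles in templates that already escape it, which is worth checking. The enclosing method starts and ends outside the hunk.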
"> + "> t('Skip to main content'); ?>