From ad2d75f676d6567af5439e27ee338b54eb5d028d Mon Sep 17 00:00:00 2001
From: pdontthink
Date: Wed, 27 Jan 2010 23:05:18 +0000
Subject: [PATCH] REQUEST_URI is used in php_self(), so make sure it's sanitized too

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13895 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 include/init.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/init.php b/include/init.php
index 6104a996..28f7b451 100644
--- a/include/init.php
+++ b/include/init.php
@@ -276,6 +276,7 @@ if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
  * QUERY_STRING also needs the same treatment since it is
  * used in php_self().
  */
+$_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI']);
 $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
 $_SERVER['QUERY_STRING'] = htmlspecialchars($_SERVER['QUERY_STRING']);
 
-- 
2.25.1
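Review bot: The added `htmlspecialchars($_SERVER['REQUEST_URI'])` call relies on the default flags, which on the PHP versions of this era leave single quotes unescaped, so the value is only safe in element content and double-quoted attributes. Passing the flag explicitly closes that gap: `$_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);`, and the same applies to the PHP_SELF and QUERY_STRING lines below it. REQUEST_URI is also not populated by every server API, so an `isset($_SERVER['REQUEST_URI'])` guard would avoid an undefined-index notice. Because the superglobal is overwritten in place, any consumer outside HTML output (a redirect target, a string comparison) now receives the entity-encoded form; whether such a consumer exists is not visible from this hunk. The comment block above starts outside the hunk and, in the part shown, names only QUERY_STRING, so it would be worth mentioning REQUEST_URI there as well.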