projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
REQUEST_URI is used in php_self(), so make sure it's sanitized too
[squirrelmail.git] / include / init.php
diff --git a/include/init.php b/include/init.php
index 6104a996633d0e517e2eda52001e07db3dc280eb..28f7b451814e9d3564adf727b92d16a6d0ab8b23 100644 (file)
--- a/include/init.php
+++ b/include/init.php
@@ -276,6 +276,7 @@ if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
  * QUERY_STRING also needs the same treatment since it is
  * used in php_self().
  */
+$_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI']);
 $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
 $_SERVER['QUERY_STRING'] = htmlspecialchars($_SERVER['QUERY_STRING']);
 
Unnamed repository; edit this file 'description' to name the repository.