From: pdontthink
Date: Wed, 27 Jan 2010 23:05:18 +0000 (+0000)
Subject: REQUEST_URI is used in php_self(), so make sure it's sanitized too
X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=commitdiff_plain;h=ad2d75f676d6567af5439e27ee338b54eb5d028d

REQUEST_URI is used in php_self(), so make sure it's sanitized too

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13895 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
diff --git a/include/init.php b/include/init.php
index 6104a996..28f7b451 100644
--- a/include/init.php
+++ b/include/init.php
@@ -276,6 +276,7 @@ if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
 * QUERY_STRING also needs the same treatment since it is
 * used in php_self().
 */
+$_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI']);
 $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
 $_SERVER['QUERY_STRING'] = htmlspecialchars($_SERVER['QUERY_STRING']);
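Review bot: The added REQUEST_URI line calls `htmlspecialchars()` with its default flags, which before PHP 8.1 leave single quotes unescaped, so a value later echoed into a single-quoted attribute is still not neutralised; the PHP_SELF and QUERY_STRING lines below it share this. REQUEST_URI is also not provided by every web server, so the unguarded read can raise an undefined-index notice and store an empty string in its place. I would write `if (isset($_SERVER['REQUEST_URI'])) $_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);`. Because the escaped value overwrites the original globally, any non-HTML consumer (a redirect header, a string comparison) would now see `&amp;`; whether such consumers exist is not visible in this hunk, so the comment block above should say that these three entries hold HTML-escaped text from this point on.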