diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2006-08-16 08:06:31 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2006-08-16 08:06:31 +0000 |
| commit | 6a1e26a23c7b6f58c35f2f7730a65f116a02849b (patch) | |
| tree | abf0fc3ebe12f4eabd19c4dfc0bebc3dfaa260dd /roundcubemail/program/steps/error.inc | |
| parent | 22e44bcebaedf1ea36443a2576399e27c64ad2be (diff) | |
Fixed some XSS and SQL injection issues
git-svn-id: https://svn.roundcube.net/trunk@319 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/steps/error.inc')
| -rw-r--r-- | roundcubemail/program/steps/error.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roundcubemail/program/steps/error.inc b/roundcubemail/program/steps/error.inc index aa8036afe..2d87a9da4 100644 --- a/roundcubemail/program/steps/error.inc +++ b/roundcubemail/program/steps/error.inc @@ -53,7 +53,7 @@ else if ($ERROR_CODE==401) else if ($ERROR_CODE==404) { $__error_title = "REQUEST FAILED/FILE NOT FOUND"; - $request_url = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; + $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); $__error_text = <<<EOF The requested page was not found!<br /> Please contact your server-administrator. |