From 6a1e26a23c7b6f58c35f2f7730a65f116a02849b Mon Sep 17 00:00:00 2001
From: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Wed, 16 Aug 2006 08:06:31 +0000
Subject: Fixed some XSS and SQL injection issues

git-svn-id: https://svn.roundcube.net/trunk@319 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/program/steps/error.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roundcubemail/program/steps/error.inc')

diff --git a/roundcubemail/program/steps/error.inc b/roundcubemail/program/steps/error.inc
index aa8036afe..2d87a9da4 100644
--- a/roundcubemail/program/steps/error.inc
+++ b/roundcubemail/program/steps/error.inc
@@ -53,7 +53,7 @@ else if ($ERROR_CODE==401)
 else if ($ERROR_CODE==404)
   {
   $__error_title = "REQUEST FAILED/FILE NOT FOUND";
-  $request_url = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
+  $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
   $__error_text  = <<<EOF
 The requested page was not found!<br />
 Please contact your server-administrator.
-- 
cgit v1.2.3