From bed96d127d1a3e1b11e5469e6e59eb29b6d95c77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emanuel=20Garc=C3=AAs?=
Date: Fri, 11 Feb 2022 19:08:29 +0000
Subject: [PATCH] Added proper escaping to the http_referer

---
 Pages/Page.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Pages/Page.php b/Pages/Page.php
index e797f71d3..cd37ed42d 100644
--- a/Pages/Page.php
+++ b/Pages/Page.php
@@ -170,7 +170,7 @@ public function RedirectToError($errorMessageId = ErrorMessages::UNKNOWN_ERROR,

 public function GetLastPage($defaultPage = '')
 {
- $referer = getenv("HTTP_REFERER");
+ $referer = filter_var(getenv("HTTP_REFERER"), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 if (empty($referer)) {
 return empty($defaultPage) ? Pages::LOGIN : $defaultPage;
 }
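Review bot: The new `filter_var(getenv("HTTP_REFERER"), FILTER_SANITIZE_FULL_SPECIAL_CHARS)` line in `GetLastPage` HTML-encodes the client-supplied Referer where it is read, which suits only an HTML output context and does nothing to constrain where the URL points. The rest of `GetLastPage` and its callers are outside the hunk, but if the returned value feeds a redirect or a link target, every `&` in its query string becomes `&amp;` and the page parameters break. An off-site URL or a non-http scheme would still pass through unchanged, since it contains none of the encoded characters. I would keep the raw value here and discard it unless it parses as a URL on the application's own host, e.g. `if (parse_url($referer, PHP_URL_HOST) !== $appHost) { $referer = ''; }` ahead of the `empty($referer)` check, where `$appHost` is a placeholder for the configured host rather than a name from this file. The HTML escaping then belongs at the point of output: `htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in the template that prints the value.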