fix xss in confirm.php

AndrewPaglusch · Sep 7, 2021 · 9736da9 · 9736da9
1 parent 6e68b15
commit 9736da9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/html/confirm.php b/html/confirm.php
@@ -6,7 +6,7 @@
 						<label style="font-family: 'Enriqueta', arial, serif; line-height: 1.25; margin: 0 0 15px; font-size: 30px; font-weight: bold; padding-bottom: 1%"><?php echo $settings['messages']['confirm_view_secret_header'] ?></label>
 						<br />
 						<form method="post" action="./">
-							<input type="hidden" name="k" value="<?php echo $_GET['k'] ?>">
+							<input type="hidden" name="k" value="<?php echo htmlspecialchars($_GET['k']) ?>">
 							<button type="submit" onclick="this.disabled=true;this.form.submit();" class="btn btn-primary w-20 mx-auto"><?php echo $settings['messages']['confirm_view_secret_button'] ?></button>
 						</form>
 					</div>