Added proper escaping to the http_referer

LibreBooking · Feb 11, 2022 · bed96d1 · bed96d1
1 parent 77e9bba
commit bed96d1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Pages/Page.php b/Pages/Page.php
@@ -170,7 +170,7 @@ public function RedirectToError($errorMessageId = ErrorMessages::UNKNOWN_ERROR,
 
     public function GetLastPage($defaultPage = '')
     {
-        $referer = getenv("HTTP_REFERER");
+        $referer = filter_var(getenv("HTTP_REFERER"), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
         if (empty($referer)) {
             return empty($defaultPage) ? Pages::LOGIN : $defaultPage;
         }