From 6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Jacquet?=
 <francoisjacquet@users.noreply.github.com>
Date: Sat, 4 Jun 2022 13:44:21 +0200
Subject: [PATCH] Fix stored XSS security issue: remove inline JS from URL in
 PreparePHP_SELF.fnc.php

---
 functions/PreparePHP_SELF.fnc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions/PreparePHP_SELF.fnc.php b/functions/PreparePHP_SELF.fnc.php
index 80da4699a..f7dfe677b 100644
--- a/functions/PreparePHP_SELF.fnc.php
+++ b/functions/PreparePHP_SELF.fnc.php
@@ -200,7 +200,7 @@ function( $match ) {
 
 	foreach ( $remove as $remove_string )
 	{
-		while ( strpos( $string, $remove_string ) !== false )
+		while ( stripos( $string, $remove_string ) !== false )
 		{
 			$string = str_ireplace( $remove, '', $string );
 		}