[aur-dev] [PATCH] login.php: Escape quotes in the referer field

Replace special characters in the referer GET parameter using htmlspecialchars() before inserting it into the login form fields to prevent from XSS attacks. Fixes FS#55286. Signed-off-by: Lukas Fleischer --- web/html/login.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/html/login.php b/web/html/login.php index a55ce05..df51705 100644 --- a/web/html/login.php +++ b/web/html/login.php @@ -41,7 +41,7 @@ html_header('AUR ' . __("Login")); <a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a> <?php if (in_request('referer') !== ""): ?> - <input id="id_referer" type="hidden" name="referer" value="<?= in_request('referer') ?>" /> + <input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars(in_request('referer'), ENT_QUOTES) ?>" /> <?php elseif (isset($_SERVER['HTTP_REFERER'])): ?> <input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) ?>" /> <?php endif; ?> -- 2.15.0