
Issue #435, fix missing escaping of HTTP referer to prevent XSS

This commit is contained in:
Garvin Hicking
2017-01-02 09:37:45 +01:00
parent 0c8416f5df
commit 4e8c310156
2 changed files with 4 additions and 1 deletions


@@ -402,7 +402,7 @@ switch($serendipity['GET']['adminAction']) {
return; // blank content page, but default token check parameter is presenting a XSRF message when false
}
if (!is_array($serendipity['POST']['multiDelete'])) {
echo '<div class="msg_notice"><span class="icon-attention-circled" aria-hidden="true"></span> ' . sprintf(MULTICHECK_NO_ITEM, $_SERVER['HTTP_REFERER']) . '</div>'."\n";
echo '<div class="msg_notice"><span class="icon-attention-circled" aria-hidden="true"></span> ' . sprintf(MULTICHECK_NO_ITEM, serendipity_specialchars($_SERVER['HTTP_REFERER'])) . '</div>'."\n";
break;
}
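Review bot: The new echo line escapes the referer for HTML output, which closes the reflected-XSS path, but `$_SERVER['HTTP_REFERER']` is still read unguarded; the header is optional (absent on direct navigation or when a referrer policy strips it), so PHP raises an undefined-index notice and `sprintf` receives an empty value. I would hoist the lookup with a default, `$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';` and then pass `serendipity_specialchars($referer)` to `sprintf`, so the message is rendered safely whether or not the header is present. The enclosing `switch` case starts outside the hunk, and the diffstat reports a second changed file that is not in view, so I could not check whether it applies the same escaping. A short comment on the echo line, `// referer is client-controlled; escape before output`, would record why the call is there.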