From 99de7f66f4b60b527e6c82c7dbe6c35848ca2a8b Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Sat, 21 Dec 2024 14:55:49 -0800
Subject: [PATCH] fix XSS

---
 html/user/job_file.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/user/job_file.php b/html/user/job_file.php
index 799ac7af6d..c1028fe283 100644
--- a/html/user/job_file.php
+++ b/html/user/job_file.php
@@ -291,7 +291,7 @@ xml_header();
 $req = $_POST['request'];
 $r = simplexml_load_string($req);
 if (!$r) {
- xml_error(-1, "can't parse request message: $req", __FILE__, __LINE__);
+ xml_error(-1, "can't parse request message: ".htmlspecialchars($req), __FILE__, __LINE__);
 }

 switch($r->getName()) {
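Review bot: The added `htmlspecialchars($req)` relies on the function's default flags and charset, which differ across PHP versions: before 8.1 the default is `ENT_COMPAT | ENT_HTML401`, so single quotes pass through unescaped and input containing invalid UTF-8 yields an empty string. The reply is emitted after `xml_header()`, so it is presumably XML, and stating the context explicitly is safer: `xml_error(-1, "can't parse request message: ".htmlspecialchars($req, ENT_QUOTES | ENT_SUBSTITUTE | ENT_XML1, 'UTF-8'), __FILE__, __LINE__);`. The message also echoes the entire unparsed POST body back with no length limit, so truncating or omitting it would keep the error reply bounded. `xml_error()` is defined outside this hunk, so whether it escapes its message for other callers cannot be checked from here; if it does not, escaping inside it would cover every call site rather than this one.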