From a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9 Mon Sep 17 00:00:00 2001 From: dosse91 Date: Mon, 3 Jan 2022 16:30:39 +0100 Subject: [PATCH] Fixed minor vulnerability in stats.php --- results/stats.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/results/stats.php b/results/stats.php index be35a6eac..b8fbee89d 100755 --- a/results/stats.php +++ b/results/stats.php @@ -86,9 +86,9 @@ $speedtest = getSpeedtestUserById($_GET['id']); $speedtests = []; if (false === $speedtest) { - echo '
There was an error trying to fetch the speedtest result for ID "'.$_GET['id'].'".
'; + echo '
There was an error trying to fetch the speedtest result for ID "'.htmlspecialchars($_GET['id'], ENT_HTML5, 'UTF-8').'".
'; } elseif (null === $speedtest) { - echo '
Could not find a speedtest result for ID "'.$_GET['id'].'".
'; + echo '
Could not find a speedtest result for ID "'.htmlspecialchars($_GET['id'], ENT_HTML5, 'UTF-8').'".
'; } else { $speedtests = [$speedtest]; }