fix XSS

BOINC · Dec 21, 2024 · 99de7f6 · 99de7f6
1 parent 6f5fc34
commit 99de7f6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/html/user/job_file.php b/html/user/job_file.php
@@ -291,7 +291,7 @@ function upload_files($r) {
 $req = $_POST['request'];
 $r = simplexml_load_string($req);
 if (!$r) {
-    xml_error(-1, "can't parse request message: $req", __FILE__, __LINE__);
+    xml_error(-1, "can't parse request message: ".htmlspecialchars($req), __FILE__, __LINE__);
 }
 
 switch($r->getName()) {