From 2b31866fe0b30b867aaf5b5fedb11adb354e037f Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Tue, 20 Oct 2015 10:02:54 -0400
Subject: [PATCH] [security] Content spoofing on url.php

Signed-off-by: Marc Delisle <marc@infomarc.info>
---
 url.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/url.php b/url.php
index 82b2243..44c140b 100644
--- a/url.php
+++ b/url.php
@@ -32,7 +32,8 @@
 }
 </script>";
 // Display redirecting msg on screen.
- printf(__('Taking you to %s.'), htmlspecialchars($_GET['url']));
+ // Do not display the value of $_GET['url'] to avoid showing injected content
+ echo __('Taking you to the target site.');
 }
 die();
 ?>
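Review bot: The comment added above the `echo` says the value is not displayed but not why the earlier `htmlspecialchars()` call was insufficient, so a later maintainer could restore the escaped output believing it safe. I would word it as `// htmlspecialchars() only neutralises markup; any text supplied in $_GET['url'] would still be rendered as part of this page (content spoofing), so the value is never echoed.` The enclosing block and the statement ending at `</script>";` start outside the hunk. Whether `$_GET['url']` is validated before this branch runs can therefore not be confirmed from these lines, and the fix shown covers the on-screen message only.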