From 59d9197f7b952af18aa00686a135d0c757bcf326 Mon Sep 17 00:00:00 2001
From: Jeremy Fee <jmfee@usgs.gov>
Date: Tue, 27 Sep 2016 18:31:27 -0600
Subject: [PATCH] Use htmlentities with PHP_SELF

---
 src/htdocs/research/publications.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/htdocs/research/publications.php b/src/htdocs/research/publications.php
index be92c61..3d877ad 100755
--- a/src/htdocs/research/publications.php
+++ b/src/htdocs/research/publications.php
@@ -22,7 +22,7 @@ publications are listed for recent years only, but the list includes all Landsli
 For a more comprehensive, searchable list of publications, please see the USGS Main Publication search page: <a href="http://pubs.er.usgs.gov">http://pubs.er.usgs.gov</a></p>
 
 <div class="hr_noclear"><!-- hr --></div>
-<form method="get" action="<?php echo($_SERVER['PHP_SELF']); ?>" name="list_form">
+<form method="get" action="<?php echo(htmlentities($_SERVER['PHP_SELF'])); ?>" name="list_form">
 <div class="push_right">
 
 <?php
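Review bot: On the new `<form>` line, `htmlentities()` is called with its default flags and charset, so the escaping depends on the PHP version and on `default_charset`. Before PHP 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped; that is enough for this double-quoted attribute but breaks if the markup is ever re-quoted. Pinning the behaviour makes it explicit: `htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. `PHP_SELF` also carries any client-supplied trailing path info, so `$_SERVER['SCRIPT_NAME']` (still escaped) would avoid reflecting request-controlled text in the action at all. The rest of publications.php is outside this hunk, so other places that echo request-derived values cannot be checked from here.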
-- 
GitLab