From 59d9197f7b952af18aa00686a135d0c757bcf326 Mon Sep 17 00:00:00 2001
From: Jeremy Fee <jmfee@usgs.gov>
Date: Tue, 27 Sep 2016 18:31:27 -0600
Subject: [PATCH] Use htmlentities with PHP_SELF
---
 src/htdocs/research/publications.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/htdocs/research/publications.php b/src/htdocs/research/publications.php
index be92c61..3d877ad 100755
--- a/src/htdocs/research/publications.php
+++ b/src/htdocs/research/publications.php
@@ -22,7 +22,7 @@ publications are listed for recent years only, but the list includes all Landsli
 For a more comprehensive, searchable list of publications, please see the USGS Main Publication search page: <a href="http://pubs.er.usgs.gov">http://pubs.er.usgs.gov</a></p> <div class="hr_noclear"><!-- hr --></div>
-<form method="get" action="<?php echo($_SERVER['PHP_SELF']); ?>" name="list_form">
+<form method="get" action="<?php echo(htmlentities($_SERVER['PHP_SELF'])); ?>" name="list_form">
 <div class="push_right"> <?php
-- GitLab
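Review bot: The new `action` attribute still echoes `$_SERVER['PHP_SELF']`, which carries any trailing path info from the request, and `htmlentities()` is called with default flags and charset, which vary by PHP version (single quotes are encoded by default only from PHP 8.1). For this double-quoted attribute the call does stop markup breakout, but I would make the encoding explicit: `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')`. Better still, avoid reflecting request-derived text at all by using `$_SERVER['SCRIPT_NAME']` with the same escaping, since the form submits back to this page. The rest of publications.php is outside the hunk, so any other use of PHP_SELF, or any `$_GET` value echoed from this GET form, should be checked for the same output encoding.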