From 0dfd61e82a83c224483289a094b3276828da8645 Mon Sep 17 00:00:00 2001
From: ZeroPath
Date: Thu, 15 Jan 2026 21:21:27 +0000
Subject: [PATCH] Sanitize asdf GET parameter in notification.php to prevent reflected XSS
---
 notification.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/notification.php b/notification.php
index 86e2f4dcb9..317e7b6829 100644
--- a/notification.php
+++ b/notification.php
@@ -13,7 +13,7 @@
 define('PHPWG_ROOT_PATH','./');
 include_once( PHPWG_ROOT_PATH.'include/common.inc.php'
-echo $_GET['asdf'];
+echo htmlspecialchars(isset($_GET['asdf']) ? $_GET['asdf'] : '', ENT_QUOTES, 'UTF-8');
 /**
 * search an available feed_id
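Review bot: The `isset()` guard on the added `echo` line still passes a non-string value to `htmlspecialchars()`, because PHP turns a bracketed query parameter into an array; on PHP 8 that raises an uncaught TypeError (a warning on PHP 7), which can expose file paths when error display is on. Check the type as well and substitute invalid byte sequences rather than returning an empty string: `echo htmlspecialchars(isset($_GET['asdf']) && is_string($_GET['asdf']) ? $_GET['asdf'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Separately, the value is written right after `common.inc.php` is included and before the rest of the script runs, so it may precede any headers or feed output produced later; the rest of notification.php is outside the hunk, so this needs confirming. If nothing consumes this output, deleting the `echo` removes the sink altogether and is the safer fix.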