From 1d2148943435e6940ed8232afc5ca01d23775202 Mon Sep 17 00:00:00 2001
From: ZeroPath
Date: Thu, 15 Jan 2026 21:23:55 +0000
Subject: [PATCH] Sanitize asdf parameter in picture.php to prevent reflected XSS
---
 picture.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/picture.php b/picture.php
index afdfcbf5f2..8e87400966 100644
--- a/picture.php
+++ b/picture.php
@@ -11,7 +11,7 @@ include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
 include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
-echo $_GET['asdf'];
+echo htmlspecialchars($_GET['asdf'] ?? '', ENT_QUOTES, 'UTF-8');
 save_edit_context();
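Review bot: The `echo` on the added line still writes a request parameter into the response on every load of picture.php, and nothing visible in the hunk reads `asdf` for any other purpose, so it looks like leftover debug output; deleting the line removes the sink instead of encoding it. If the output is intentional, the new call is not type-safe: a request can supply `asdf` as an array, and `htmlspecialchars()` then raises a TypeError on PHP 8 (which can expose file paths when errors are displayed), so check the type first, e.g. `$asdf = $_GET['asdf'] ?? '';` followed by `echo is_string($asdf) ? htmlspecialchars($asdf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';`. The chosen encoding is correct only for HTML body or quoted-attribute context; the rest of picture.php is outside the hunk, so whether this output lands in such a context, or is emitted before headers are sent, should be confirmed.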