From 4418b3c99badc60ab1ce96a0a199b1c83410efe8 Mon Sep 17 00:00:00 2001
From: ZeroPath
Date: Thu, 15 Jan 2026 20:57:33 +0000
Subject: [PATCH] Sanitize asdf GET parameter in profile.php to prevent reflected XSS
---
 profile.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/profile.php b/profile.php
index c374f9e93e..addc807285 100644
--- a/profile.php
+++ b/profile.php
@@ -11,7 +11,9 @@
 // | initialization |
 // +-----------------------------------------------------------------------+
-echo $_GET['asdf'];
+if (isset($_GET['asdf'])) {
+ echo htmlspecialchars($_GET['asdf'], ENT_QUOTES, 'UTF-8');
+}
 if (!defined('PHPWG_ROOT_PATH')) {//direct script access
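Review bot: The new guard `isset($_GET['asdf'])` also passes when the parameter is submitted in array form, and `htmlspecialchars()` then raises a TypeError on PHP 8 (a warning on older versions), so the condition should be `if (isset($_GET['asdf']) && is_string($_GET['asdf'])) {`. Separately, the echo sits in the initialization section ahead of the `PHPWG_ROOT_PATH` direct-access check, so it writes output before the rest of the script has run and looks like leftover debug code. If nothing consumes `asdf`, deleting the statement removes the sink entirely and avoids emitting body output before any later header or session calls. The `if (!defined('PHPWG_ROOT_PATH'))` block continues outside the hunk.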