From 2518db86fa942e96252cc719738dc7c36dbcc6bb Mon Sep 17 00:00:00 2001 From: ZeroPath Date: Thu, 15 Jan 2026 21:06:16 +0000 Subject: [PATCH] Sanitize adsf GET parameter in index.php to prevent reflected XSS --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.php b/index.php index 07eef75558..7cd9a7198c 100644 --- a/index.php +++ b/index.php @@ -11,7 +11,7 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' ); include(PHPWG_ROOT_PATH.'include/section_init.inc.php'); -echo $_GET['adsf']; +echo isset($_GET['adsf']) ? htmlspecialchars($_GET['adsf'], ENT_QUOTES, 'UTF-8') : ''; // Check Access and exit when user status is not ok check_status(ACCESS_GUEST);
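Review bot: The new `echo` line checks only `isset($_GET['adsf'])`, so a request that supplies the parameter as an array still reaches `htmlspecialchars()`, which expects a string and raises a TypeError on PHP 8 (a warning and a null result on PHP 7). Guarding on the type as well closes that gap: `echo (isset($_GET['adsf']) && is_string($_GET['adsf'])) ? htmlspecialchars($_GET['adsf'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';`, where `ENT_SUBSTITUTE` also keeps invalid UTF-8 from collapsing the output to an empty string. Separately, the value is written before `check_status(ACCESS_GUEST)` and outside any template, and nothing visible in the hunk uses the parameter for anything else, so it may be leftover debug output. If that is the case, deleting the line removes the sink altogether instead of relying on escaping, and avoids emitting body output before the access check runs.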