From 159a6fa7040bebf082519a2e52b925ff4afe82cc Mon Sep 17 00:00:00 2001
From: ZeroPath <noreply@zeropath.com>
Date: Thu, 15 Jan 2026 21:07:34 +0000
Subject: [PATCH] Sanitize reflected asdf GET parameter in index.php to prevent
 XSS

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 4707dd63ca..e39b3ebe0c 100644
--- a/index.php
+++ b/index.php
@@ -432,7 +432,7 @@
   }
 }
 
-echo $_GET['asdf'];
+echo htmlspecialchars(isset($_GET['asdf']) ? $_GET['asdf'] : '', ENT_QUOTES, 'UTF-8');
 
 //------------------------------------------------------------ end
 include(PHPWG_ROOT_PATH.'include/page_header.php');