From 95c4efb9bbd337d98e002ce63e4b973bc9c5c8e0 Mon Sep 17 00:00:00 2001
From: ZeroPath
Date: Thu, 15 Jan 2026 21:20:11 +0000
Subject: [PATCH] Sanitize reflected GET parameter to prevent reflected XSS in admin.php
---
 admin.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/admin.php b/admin.php
index cbd4dd0bd0..4db7dd4437 100644
--- a/admin.php
+++ b/admin.php
@@ -13,7 +13,10 @@ define('PHPWG_ROOT_PATH','./');
 define('IN_ADMIN', true);
-echo $_GET['asdf'];
+if (isset($_GET['asdf']))
+{
+ echo htmlspecialchars($_GET['asdf'], ENT_QUOTES, 'UTF-8');
+}
 include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
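Review bot: The new `isset($_GET['asdf'])` guard still passes a non-string value to `htmlspecialchars()`, because PHP turns an array-style query parameter into an array; on PHP 8 that raises a `TypeError`, and with error display enabled the message can disclose the script path. Tighten the condition to `if (isset($_GET['asdf']) && is_string($_GET['asdf']))` and consider `ENT_QUOTES | ENT_SUBSTITUTE` so invalid UTF-8 is replaced rather than producing an empty string. Separately, the echo runs before `include/common.inc.php` is loaded, so it sends output ahead of whatever that include sets up (presumably session and header handling, which is not visible in this hunk). The parameter name `asdf` looks like leftover debug code, so if nothing depends on the reflected value, deleting the `echo` entirely is a safer fix than escaping it.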