$a->page['aside'] = '';
if($a->argc > 1)
- $which = $a->argv[1];
+ $which = htmlspecialchars($a->argv[1]);
else {
$r = q("select nickname from user where blocked = 0 and account_expired = 0 and account_removed = 0 and verified = 1 order by rand() limit 1");
if(count($r)) {
$profile = 0;
if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) {
$which = $a->user['nickname'];
- $profile = $a->argv[1];
+ $profile = htmlspecialchars($a->argv[1]);
}
else {
auto_redir($a, $which);
<html>
<head>
<title><?php if(x($page,'title')) echo $page['title'] ?></title>
- <meta request="<?php echo $_REQUEST['pagename'] ?> ">
+ <meta request="<?php echo htmlspecialchars($_REQUEST['pagename']) ?> ">
<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script>
<script>var frio="<?php echo "view/theme/frio"; ?>";</script>
<?php $baseurl = $a->get_baseurl(); ?>
<head>
<title><?php if(x($page,'title')) echo $page['title'] ?></title>
<meta name="viewport" content="initial-scale=1.0">
- <meta request="<?php echo $_REQUEST['pagename'] ?> ">
+ <meta request="<?php echo htmlspecialchars($_REQUEST['pagename']) ?> ">
<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script>
<script>var frio="<?php echo "view/theme/frio"; ?>";</script>
<?php $baseurl = $a->get_baseurl(); ?>