From e2fa5ea6fa0bf90043e041c7cfc6fa036834758c Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <lfleischer@archlinux.org>
Date: Sun, 5 Nov 2017 11:27:36 +0100
Subject: [PATCH] login.php: Escape quotes in the referer field

Replace special characters in the referer GET parameter using
htmlspecialchars() before inserting it into the login form fields to
prevent from XSS attacks.

Fixes FS#55286.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 web/html/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/html/login.php b/web/html/login.php
index a55ce057..df517055 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -41,7 +41,7 @@ html_header('AUR ' . __("Login"));
 				<input type="submit" class="button" value="<?php  print __("Login"); ?>" />
 				<a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
 				<?php if (in_request('referer') !== ""): ?>
-				<input id="id_referer" type="hidden" name="referer" value="<?= in_request('referer') ?>" />
+				<input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars(in_request('referer'), ENT_QUOTES) ?>" />
 				<?php elseif (isset($_SERVER['HTTP_REFERER'])): ?>
 				<input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) ?>" />
 				<?php endif; ?>
-- 
2.11.4.GIT