From: bradymiller
Date: Thu, 14 Feb 2013 22:24:15 +0000 (-0800)
Subject: Security Fix (xss)
X-Git-Tag: whats-been-changed~405
X-Git-Url: https://repo.or.cz/w/openemr.git/commitdiff_plain/ada2650ee60e3599b77408a1aa61f480f8693681
Security Fix (xss)
---
diff --git a/interface/globals.php b/interface/globals.php
index 12a0ff719..b1f07e362 100644
--- a/interface/globals.php
+++ b/interface/globals.php
@@ -103,7 +103,7 @@ if (empty($_SESSION['site_id']) || !empty($_GET['site'])) {
 if (!is_dir($GLOBALS['OE_SITES_BASE'] . "/$tmp")) $tmp = "default";
 }
 if (empty($tmp) || preg_match('/[^A-Za-z0-9\\-.]/', $tmp))
- die("Site ID '$tmp' contains invalid characters.");
+ die("Site ID '". htmlspecialchars($tmp,ENT_NOQUOTES) . "' contains invalid characters.");
 if (!isset($_SESSION['site_id']) || $_SESSION['site_id'] != $tmp) {
 $_SESSION['site_id'] = $tmp;
 //error_log("Session site ID has been set to '$tmp'"); // debugging
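Review bot: On the added `die()` line, `ENT_NOQUOTES` leaves both quote characters unescaped and no charset argument is passed, so the escaping holds only while this message is emitted as HTML text content and it relies on PHP's version-dependent default encoding. Prefer `htmlspecialchars($tmp, ENT_QUOTES, 'UTF-8')` (using whatever charset the response is actually served in), so the value stays inert if the message is ever moved into an attribute. Since `$tmp` has just failed validation, the stronger option is not to reflect it at all, `die("Site ID contains invalid characters.");`, and to record the rejected value server-side instead. Separately, the character class on the preceding context line accepts dot-only values such as `..`; whether that matters depends on how `site_id` is later joined into paths, which is outside this hunk, as is the start of the enclosing `if` block.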