HOR-282 Fixes issues with error page url injection.

2016-03-01 14:10:20 +00:00
parent 591d4f59c4
commit 3a04a053eb
2 changed files with 6 additions and 6 deletions
--- a/workflow/engine/skinEngine/base/error404.php
+++ b/workflow/engine/skinEngine/base/error404.php
@@ -84,8 +84,8 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
                <!-- Page links -->
                <ul id="textInfo">
                    <li>You might try retyping the URL and trying again.</li>
-                    <li>Or we could take you back to the <a href="<?php echo $urlHome; ?>">home page.</a></li>
-                    <li>Or you could start again from the <a href="<?php echo $urlLogin; ?>">login page.</a></li>
+                    <li>Or we could take you back to the <a href="<?php echo htmlspecialchars($urlHome); ?>">home page.</a></li>
+                    <li>Or you could start again from the <a href="<?php echo htmlspecialchars($urlLogin); ?>">login page.</a></li>
                </ul>
                <!-- End page links -->
            </div>
@@ -125,4 +125,4 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {

  </div>
 </body>
-</html>
+</html>