escape provided url better (fix XSS vuln) - thanks to Flippo Cavallarin for reporting this

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1322 a1433add-5e2c-0410-b055-b7f2511e0802
13 years ago · 5c4d9e48bd
parent 9fb0f040c9
commit 5c4d9e48bd
1 changed files with 1 additions and 2 deletions
--- a/templates/edit-vacation.php
+++ b/templates/edit-vacation.php
@ -2,8 +2,7 @@
 <script type="text/javascript">
 function newLocation()
 {
-window.location="<?php print $fCanceltarget; ?>"
-
+    window.location= "<?php echo urlencode($fCanceltarget); ?>"
 }
 </script>
 <div id="edit_form">