From 9754b8c1967d754ee8028359336b7b48bc1d2e06 Mon Sep 17 00:00:00 2001
From: Phoenix Eve Aspacio <aspaciop@gmail.com>
Date: Sun, 11 Jun 2017 07:58:30 +0800
Subject: [PATCH] Escape HTML special chars
---
 data/web/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/web/index.php b/data/web/index.php
index 2bc6e570..3202fb5b 100644
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -69,7 +69,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 <?php foreach ($MAILCOW_APPS as $app): ?>
- <a href="<?= $app['link']; ?>" role="button" class="btn btn-lg btn-default"><?= $app['name']; ?></a>
+ <a href="<?= htmlspecialchars($app['link']); ?>" role="button" title="<?= htmlspecialchars($app['description']); ?>" class="btn btn-lg btn-default"><?= htmlspecialchars($app['name']); ?></a>
 <?php endforeach; ?>
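Review bot: The new `title` attribute on the added `<a>` line reads `$app['description']`, a key the removed line never used, so any `$MAILCOW_APPS` entry defined without it (the definition is outside this hunk) would raise an undefined-index notice and render an empty tooltip; `title="<?= htmlspecialchars($app['description'] ?? ''); ?>"` would tolerate that. The three `htmlspecialchars()` calls also rely on the running PHP version's default flags and charset; passing `ENT_QUOTES, 'UTF-8'` explicitly keeps the escaping correct if the markup is ever changed to single-quoted attributes. Entity-escaping `$app['link']` prevents breaking out of the attribute but does not restrict the URL scheme, so if app entries can ever come from a source less trusted than the config file, the `href` value should additionally be checked against a list of allowed schemes.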