Pass path parameter through htmlpecialchars()

1 files changed, 1 insertions, 1 deletions

diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php
index 9dae23d..403cf8e 100644
--- a/usr/local/www/edit.php
+++ b/usr/local/www/edit.php
@@ -241,7 +241,7 @@ outputJavaScriptFileInline("javascript/base64.js");
 	<?php if($_GET['action'] == "load"): ?>
 		jQuery(window).load(
 			function() {
-				jQuery("#fbTarget").val("<?=$_GET['path'];?>");
+				jQuery("#fbTarget").val("<?=htmlspecialchars($_GET['path']);?>");
 				loadFile();
 			}
 		);