From bbfd7dc3964be6a395cd1f681cd9bee6c6d79abf Mon Sep 17 00:00:00 2001
From: Lazarus
Date: Sun, 7 Jan 2024 14:58:33 +0100
Subject: [PATCH] Fix possible XSS.

---
 index.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/index.php b/index.php
index 455e57f..1ecf01b 100644
--- a/index.php
+++ b/index.php
@@ -12,6 +12,9 @@ $domain = $_SERVER['HTTP_HOST'];
 $php_self = $_SERVER['PHP_SELF']; // by default: /htmgem/index.php
 $php_self_dir = dirname($php_self);
 $url = @$_REQUEST["url"];
+
+$style = htmlspecialchars(@$_REQUEST['style']);
+
 $urlRewriting = @$_REQUEST["rw"]=="1";
 
 /**
@@ -82,8 +85,6 @@ $fileContents = @file_get_contents($filePath);
 
 
 /* CSS and special style management */
-
-$style = @$_REQUEST['style'];
 if ("source" == $style) {
   $basename = basename($filePath);
   header("Cache-Control: public");
@@ -129,5 +130,4 @@ if (empty($style)) {
 if ($urlRewriting)
   echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url);
 else
-  echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url, "$php_self?url=");
-
+  echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url, "$php_self?url=");
\ No newline at end of file
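Review bot: The added `$style = htmlspecialchars(@$_REQUEST['style']);` in the first hunk relies on PHP's default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped, so a value echoed inside a single-quoted attribute would still break out; pass the flags and charset explicitly: `$style = htmlspecialchars($_REQUEST['style'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The `??` also avoids handing `null` to htmlspecialchars() when the parameter is absent, which PHP 8.1 reports as a deprecation that the `@` suppression would hide. Since the value is then dispatched on (`"source" == $style` and `empty($style)` in the later hunks), a stricter fix is to validate it against the set of styles the script supports and treat anything else as empty, so no escaping is needed at the point of use; the full list of accepted values is not visible in this patch. Where `$style` is actually rendered lies outside the hunks, so the XSS sink is inferred from the commit title rather than seen.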