From 01b43f55127a72f3f6233ff824d3fa6a5106db0f Mon Sep 17 00:00:00 2001
From: nosolored
Date: Fri, 17 Mar 2017 10:09:50 +0100
Subject: [PATCH] Fix coding covention and add security to the variable $_SERVER
---
 main/auth/inscription.php | 2 +-
 plugin/buycourses/src/process.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/main/auth/inscription.php b/main/auth/inscription.php
index e18eb35319..4f970fda47 100755
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@@ -719,7 +719,7 @@ if ($form->validate()) {
 }
 }
- if(!empty($_SESSION['urlReturn'])){
+ if (!empty($_SESSION['urlReturn'])) {
 $form_data['action'] = api_get_path(WEB_PATH).$_SESSION['urlReturn'];
 Session::erase('urlReturn');
 }
diff --git a/plugin/buycourses/src/process.php b/plugin/buycourses/src/process.php
index 751aa55c12..622146a492 100644
--- a/plugin/buycourses/src/process.php
+++ b/plugin/buycourses/src/process.php
@@ -13,7 +13,7 @@ use ChamiloSession as Session;
 $currentUserId = api_get_user_id();
 if (empty($currentUserId)) {
- Session::write('urlReturn', $_SERVER['REQUEST_URI']);
+ Session::write('urlReturn', Security :: remove_XSS($_SERVER['REQUEST_URI']));
 header('Location: ' . api_get_path(WEB_CODE_PATH) . 'auth/inscription.php');
 exit;
 }
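Review bot: In plugin/buycourses/src/process.php the new `Security :: remove_XSS(...)` call applies an HTML filter to a value that is later used as a URL, which is not the same as validating it. The first hunk's context shows `urlReturn` being appended to `api_get_path(WEB_PATH)` and assigned to `$form_data['action']`, so the effective controls are a check that the stored value is a same-site path and escaping for the attribute where it is finally printed, presumably by the form renderer. An HTML filter may also rewrite characters such as `&` in a multi-parameter query string, so the return URL should be tested with one after this change. The spacing `Security :: remove_XSS` also departs from the convention this commit fixes elsewhere; `Session::write('urlReturn', Security::remove_XSS($_SERVER['REQUEST_URI']));` would match.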