diff --git a/main/inc/global.inc.php b/main/inc/global.inc.php
index 2ee2e67f20..eb454ff6b0 100644
--- a/main/inc/global.inc.php
+++ b/main/inc/global.inc.php
@@ -406,4 +406,7 @@ if(mysql_num_rows($q_last_connection) > 0)
 	$s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date=NOW() WHERE login_id='$i_id_last_connection'";
 	api_sql_query($s_sql_update_logout_date);
 }
+
+// preventing XSS injections on all scripts at once
+$_SERVER['PHP_SELF'] = api_get_self();
 ?>
\ No newline at end of file