From 66f870398e516e1bfa7e16f7e27ce2bdf9fef9f8 Mon Sep 17 00:00:00 2001
From: Yannick Warnier
Date: Mon, 12 Mar 2007 16:31:27 +0100
Subject: [PATCH] [svn r11543] Added api_get_self() which returns an escaped version of $_SERVER['PHP_SELF'] which itself ISN'T SAFE (open to XSS)!

---
 main/inc/lib/main_api.lib.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php
index 99e5b589db..f1f399a7f3 100644
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@@ -914,6 +914,15 @@ function api_get_setting($variable, $key = NULL)
     return is_null($key) ? $_setting[$variable] : $_setting[$variable][$key];
 }
 
+/**
+ * Returns an escaped version of $_SERVER['PHP_SELF'] to avoid XSS injection
+ * @return string Escaped version of $_SERVER['PHP_SELF']
+ */
+function api_get_self()
+{
+    return htmlentities($_SERVER['PHP_SELF']);
+}
+
 /*
 ==============================================================================
     LANGUAGE SUPPORT
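Review bot: The new api_get_self() calls htmlentities() with its default flags, which leave single quotes untouched, so a value dropped into a single-quoted attribute (`action='...'`) is still not safe from the attacker-appended path that makes PHP_SELF untrusted in the first place; the same call also relies on the default charset, which can differ between installations. Passing the quote style and charset explicitly closes both gaps: `return htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');`. The docblock should also state that the result is escaped for HTML body and attribute context only, not for use inside JavaScript or as a raw URL, so callers do not assume one escaping covers every sink. Consider noting that `$_SERVER['SCRIPT_NAME']` does not carry client-supplied path info, so callers that only need the script path have a safer source than PHP_SELF at all.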