From 2356e10efe287a581b9073757f8dd0ab564bf4bc Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Wed, 9 Jan 2013 11:34:20 +0100
Subject: [PATCH] Fixed Cross Site Scripting Issue in userchange.php

Debugcode for handling invalid ViewID's left a XSS opportunity open.
---
 src/userchange.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/userchange.php b/src/userchange.php
index 935c6b1..26812ed 100644
--- a/src/userchange.php
+++ b/src/userchange.php
@@ -80,7 +80,7 @@ if ( isset($_GET['op']) )
 else
 {
 // DEBUG
- echo "DEBUG: " . $_SESSION['currentSourceID'] . " - $newViewID";
+ echo "DEBUG: " . $_SESSION['currentSourceID'] . " - " . htmlspecialchars($newViewID);
 exit;
 }
 }
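Review bot: The other operand of the changed echo, `$_SESSION['currentSourceID']`, is still written to the response unescaped. Where that session value is set is outside the hunk, so if a request parameter can ever populate it, the same sink stays open. Escaping both operands closes it regardless of origin: `echo "DEBUG: " . htmlspecialchars($_SESSION['currentSourceID'], ENT_QUOTES) . " - " . htmlspecialchars($newViewID, ENT_QUOTES);`. The branch is still marked `// DEBUG` and prints internal state to any caller that sends an invalid view ID, so a generic error message plus a server-side log entry would be safer than keeping the echo. The enclosing `if ( isset($_GET['op']) )` block starts before the hunk, so how `$newViewID` is derived is not visible here.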