From 3f13e382f5572d3e9a2aa6fabcb9f3c01b753171 Mon Sep 17 00:00:00 2001
From: Oleg Sh <>
Date: Sat, 16 Mar 2024 14:49:56 +0100
Subject: [PATCH] Fixed Reflected XSS:
 https://github.com/UnickSoft/graphonline/issues/49

---
 tpl/home.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tpl/home.php b/tpl/home.php
index 286d73a..ba02dba 100755
--- a/tpl/home.php
+++ b/tpl/home.php
@@ -748,9 +748,9 @@
 
     <p id="renameVertex" class="translation"><?= L('rename_vertex')?></p>
     <p id="renameText" class="translation"><?= L('rename_text')?></p>
-    <p id="inputMatrix" class="translation"><?= isset($_POST["matrix"]) ? $_POST["matrix"] : ""?></p>
-    <p id="separator" class="translation"><?= isset($_POST["separator"]) ? $_POST["separator"] : ""?></p>
-    <p id="inputIncidenceMatrix" class="translation"><?= isset($_POST["incidenceMatrix"]) ? $_POST["incidenceMatrix"] : ""?></p>
+    <p id="inputMatrix" class="translation"><?= isset($_POST["matrix"]) ? htmlspecialchars ($_POST["matrix"]) : ""?></p>
+    <p id="separator" class="translation"><?= isset($_POST["separator"]) ? htmlspecialchars ($_POST["separator"]) : ""?></p>
+    <p id="inputIncidenceMatrix" class="translation"><?= isset($_POST["incidenceMatrix"]) ? htmlspecialchars ($_POST["incidenceMatrix"]) : ""?></p>
     <p id="inputPair" class="translation"><?= isset($_POST["pairs"]) ? str_replace("<", "&lt;", str_replace(">", "&gt;", $_POST["pairs"])) : ""?></p>
     <p id="currentLanguage" class="translation"><?= L('current_language')?></p>
     <p id="editWeight" class="translation"><?= L('edit_weight')?></p>