From e7dde4d2125ae2cfe340301eca2157bb0718a88f Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Mon, 18 Jul 2016 15:21:32 +0200
Subject: [PATCH] cleaning REQUEST_URI for good measure
---
 lib/privatebin.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/privatebin.php b/lib/privatebin.php
index f47e96c..baf9864 100644
--- a/lib/privatebin.php
+++ b/lib/privatebin.php
@@ -176,7 +176,8 @@ class privatebin
 $this->_conf = new configuration;
 $this->_model = new model($this->_conf);
 $this->_request = new request;
- $this->_urlbase = array_key_exists('REQUEST_URI', $_SERVER) ? $_SERVER['REQUEST_URI'] : '/';
+ $this->_urlbase = array_key_exists('REQUEST_URI', $_SERVER) ?
+ htmlspecialchars($_SERVER['REQUEST_URI']) : '/';
 // set default language
 $lang = $this->_conf->getKey('languagedefault');
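Review bot: The added `htmlspecialchars($_SERVER['REQUEST_URI'])` call relies on the default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped, so the stored value is only safe in HTML text and double-quoted attributes. Passing the flags and charset explicitly, `htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') : '/';`, removes that dependency on the runtime version. Because the escaping now happens at assignment rather than at output, `_urlbase` holds HTML-encoded text (`&` becomes `&amp;`), which would be wrong for any consumer that puts it in a header, JSON or JavaScript context; those uses are outside this hunk, so they need checking. A short comment on the assignment such as `// HTML-encoded: only for use in HTML output, not headers or JSON` would make that contract visible. The enclosing method starts and ends outside the hunk.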