From 63275d2fa938fa88445d5b565555b1aeb32c7899 Mon Sep 17 00:00:00 2001
From: Michael R Sweet
Date: Mon, 31 Mar 2008 04:38:40 +0000
Subject: [PATCH] Quote PHP_SELF.

---
www/phplib/globals.php | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/www/phplib/globals.php b/www/phplib/globals.php
index 651c3ea..4f66a14 100644
--- a/www/phplib/globals.php
+++ b/www/phplib/globals.php
@@ -28,11 +28,16 @@ global $_COOKIE, $_FILES, $_POST, $_SERVER;
 
 $argc = $_SERVER["argc"];
 $argv = $_SERVER["argv"];
-$PHP_SELF = $_SERVER["PHP_SELF"];
 $REQUEST_METHOD = $_SERVER["REQUEST_METHOD"];
 $SERVER_NAME = $_SERVER["SERVER_NAME"];
 $REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
 
+// Handle PHP_SELF differently - we need to quote it properly...
+if (array_key_exists("PHP_SELF", $_SERVER))
+ $PHP_SELF = htmlspecialchars(urlencode($_SERVER["PHP_SELF"]), ENT_QUOTES);
+else
+ $PHP_SELF = "";
+
 if (array_key_exists("ISHTTPS", $_SERVER))
 $PHP_URL = "https://$_SERVER[SERVER_NAME]$_SERVER[PHP_SELF]";
 else
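Review bot: The context lines right after the new block still build `$PHP_URL` from the raw `$_SERVER[PHP_SELF]`, so the request-controlled path that this commit quotes for `$PHP_SELF` reaches `$PHP_URL` unquoted and without the new `array_key_exists` guard; if `$PHP_URL` is written into HTML anywhere (not visible here) the same injection remains, and the `else` branch, which continues outside the hunk, presumably does the same. Quoting at that point would close it, e.g. `$PHP_URL = "https://$_SERVER[SERVER_NAME]" . htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);`. Separately, `urlencode()` rewrites every `/` in the path as `%2F`, so the new `$PHP_SELF` no longer works as a form action or link target, and its output leaves nothing for `htmlspecialchars()` to escape; `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)` on its own, or `$_SERVER["SCRIPT_NAME"]`, which omits the trailing path info, would neutralise the value without mangling it. The added comment would also be more useful if it named the output context the quoting targets (HTML attribute versus URL component).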