This Tips and Tricks topic here contains PHP code to dynamically generate canonical url and Facebook og:url entries in the <head> of your proddetail.php page.

An issue has arisen where a site was identified as subject to an XSS (Cross Site Scripting) vulnerability. The culprit was identified to be this line of code:

return $url.($addprod&&@$_GET['prod']!=''?'?prod='.@$_GET['prod']:'');} ?>

If you have used this dynamic code on your website then, on advice from Vince, please NOW REPLACE that line with the following:

return str_replace('"','&quot;',strip_tags($url.($addprod&&@$_GET['prod']!=''?'?prod='.@$_GET['prod']:'')));} ?>

For more complete information, please view the relevant Tips and Tricks topic here >>

Gary