Posted - 12/14/2020 : 19:08:00
This Tips and Tricks topic here contains PHP code to dynamically generate canonical URL and Facebook og:url entries in the <head> of your proddetail.php page.

An issue has arisen where a site was identified as subject to an XSS (Cross Site Scripting) vulnerability. The culprit was identified to be this line of code:

    return $url.($addprod&&@$_GET['prod']!=''?'?prod='.@$_GET['prod']:'');} ?>

If you have used this dynamic code on your website then, on advice from Vince, please NOW REPLACE that line with the following:

    return str_replace('"','&quot;',strip_tags($url.($addprod&&@$_GET['prod']!=''?'?prod='.@$_GET['prod']:'')));} ?>

For more complete information, please view the relevant Tips and Tricks topic here.

Gary
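Added example, not code from the original post or from the cart software: it prints the <link> tag produced by the pre-fix line, by the replacement line from the post, and by a stricter variant that URL-encodes the parameter and HTML-escapes the result. The function names, $base and the sample prod values are assumptions constructed for illustration.

```php
<?php
// Added example. Function names, $base and the sample values are hypothetical.

// Before the fix: the request value is concatenated into the URL unchanged,
// so a double quote in it ends the href attribute early.
function canonical_unsafe(string $base, string $prod): string {
    return $base . ($prod !== '' ? '?prod=' . $prod : '');
}

// The replacement from the post: remove tags, then encode double quotes.
function canonical_posted_fix(string $base, string $prod): string {
    $url = $base . ($prod !== '' ? '?prod=' . $prod : '');
    return str_replace('"', '&quot;', strip_tags($url));
}

// Stricter variant (an assumption, not from the post): percent-encode the
// parameter value, then HTML-escape the whole URL for attribute context.
function canonical_encoded(string $base, string $prod): string {
    $url = $base . ($prod !== '' ? '?prod=' . rawurlencode($prod) : '');
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$base = 'https://shop.example/proddetail.php';   // constructed base URL

// Constructed values standing in for $_GET['prod'].
$samples = [
    'blue-widget',            // ordinary product id
    'widget"><b>test</b>',    // double quote plus markup
    "widget' x='1",           // single quotes
];

$variants = ['canonical_unsafe', 'canonical_posted_fix', 'canonical_encoded'];

foreach ($samples as $prod) {
    echo 'prod = ', $prod, "\n";
    foreach ($variants as $fn) {
        // Same double-quoted attribute layout for every variant.
        printf("  %-21s <link rel=\"canonical\" href=\"%s\">\n", $fn, $fn($base, $prod));
    }
    echo "\n";
}
```

The replacement line from the post leaves single quotes unchanged, which holds up as long as the template writes the href and content attributes with double quotes.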