From 06afa866027b0a06a1089f1d717f87609efa75e5 Mon Sep 17 00:00:00 2001
From: Willy
Date: Mon, 6 Sep 2021 09:15:56 +0200
Subject: [PATCH] Add some safety to $templateUrlPrefix
---
 template/_header.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/template/_header.php b/template/_header.php
index 7c18a3a..0018738 100644
--- a/template/_header.php
+++ b/template/_header.php
@@ -4,7 +4,7 @@
 // Typically we put this before any local urls, such as navigation, icons etc to ensure that they use the correct path.
 $templateUrlPrefix = dirname(str_replace(realpath($_SERVER['DOCUMENT_ROOT']), '', realpath(__DIR__)));
 if ((strlen($templateUrlPrefix) > 1)) {
- $templateUrlPrefix = $templateUrlPrefix . DIRECTORY_SEPARATOR;
+ $templateUrlPrefix = htmlspecialchars($templateUrlPrefix . DIRECTORY_SEPARATOR);
 }

 if ($templateParameters["render"] === false) {
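Review bot: The new `htmlspecialchars()` call on the `+` line relies on the default flags, which before PHP 8.1 leave single quotes unencoded, so the prefix is only safe in element text or double-quoted attributes; pass the flags and charset explicitly: `$templateUrlPrefix = htmlspecialchars($templateUrlPrefix . DIRECTORY_SEPARATOR, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Encoding at assignment rather than at output also means every later consumer receives an HTML-encoded string, so a template that escapes it again will double-encode it and any non-HTML use (a `Location` header, a filesystem path) gets the wrong value; a comment such as `// HTML-encoded here: emit as-is in attributes, do not escape again` would make that contract visible. When the `strlen(...) > 1` branch is not taken, the value is left unencoded, which looks harmless for a one-character `dirname()` result but is worth stating next to the check. The `if ($templateParameters["render"] === false) {` block continues outside the hunk, so how the prefix is finally emitted cannot be confirmed from here.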