From 188baaf1803f94343cd2f34d206b0362cd2c464f Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)" <d00p@froxlor.org>
Date: Thu, 5 Dec 2013 08:12:53 +0100
Subject: [PATCH] fix escaping of current filename, fixes #1316

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
---
 lib/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/init.php b/lib/init.php
index ebbd421a..a21d913a 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -61,7 +61,7 @@ unset($_);
 unset($value);
 unset($key);
 
-$filename = basename($_SERVER['PHP_SELF']);
+$filename = htmlentities(basename($_SERVER['PHP_SELF']));
 
 // define default theme for configurehint, etc.
 $_deftheme = 'Sparkle';