From 21983f27b6d4d85d8e0daea11171a4da2eb4adcd Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <d00p@froxlor.org>
Date: Wed, 25 Aug 2021 16:36:09 +0200
Subject: [PATCH] secure commonly used filename-variable against url
 manipulation

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---
 lib/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/init.php b/lib/init.php
index 11d48d10..0448a244 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -103,7 +103,7 @@ unset($_);
 unset($value);
 unset($key);
 
-$filename = htmlentities(basename($_SERVER['PHP_SELF']));
+$filename = htmlentities(basename($_SERVER['SCRIPT_NAME']));
 
 // check whether the userdata file exists
 if (! file_exists(\Froxlor\Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {