From b5ac020a568d2b3de7e4031d51d929c1da01cf13 Mon Sep 17 00:00:00 2001
From: Michele0303 <31160531+Michele0303@users.noreply.github.com>
Date: Tue, 2 Aug 2022 19:32:21 +0200
Subject: [PATCH] Update MySQL_markers.php cross-site scripting reflected fixed
---
 .../main/resources/extracted/web/standalone/MySQL_markers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/DynmapCore/src/main/resources/extracted/web/standalone/MySQL_markers.php b/DynmapCore/src/main/resources/extracted/web/standalone/MySQL_markers.php
index 688ebe6d..cfa55921 100644
--- a/DynmapCore/src/main/resources/extracted/web/standalone/MySQL_markers.php
+++ b/DynmapCore/src/main/resources/extracted/web/standalone/MySQL_markers.php
@@ -19,7 +19,7 @@
 if (strcmp($userid, '-guest-')) {
 $loggedin = true;
 }
-$path = $_REQUEST['marker'];
+$path = htmlspecialchars($_REQUEST['marker']);
 if ((!isset($path)) || strstr($path, "..")) {
 header('HTTP/1.0 500 Error');
 echo "

500 Error

";
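Review bot: Wrapping the read in `htmlspecialchars()` on the new `$path = ...` line makes the `!isset($path)` guard on the following line ineffective, because the function returns a string even when `marker` is absent, so a request without the parameter no longer takes the 500 branch. It also encodes the value at input rather than at output: `$path` presumably goes on to select a marker file or database row further down (outside this hunk), where entity-encoded characters would alter the lookup key, and on PHP before 8.1 the default flags leave single quotes unescaped. I would keep the raw read as `$path = $_REQUEST['marker'] ?? null;` and escape only where the value is written into the response, with explicit flags: `htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The rest of the script is not visible here, so the actual output site still needs to be confirmed before moving the call.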