From a014c9542710ad50fd1a7fd1eb39b44261edf3a2 Mon Sep 17 00:00:00 2001
From: Justin Bronder
Date: Mon, 23 Dec 2013 11:39:03 -0500
Subject: [PATCH] CVE-2013-6395 fix xss

https://bugs.gentoo.org/show_bug.cgi?id=492580
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6395
---
 header.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/header.php b/header.php
index d0a30c2..e1cb0e8 100755
--- a/header.php
+++ b/header.php
@@ -485,7 +485,7 @@ $data->assign("custom_time", $custom_time);
 /////////////////////////////////////////////////////////////////////////
 if ( $context == "cluster" ) {
 if ( isset($user['host_regex']) && $user['host_regex'] != "" )
- $set_host_regex_value="value='" . $user['host_regex'] . "'";
+ $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'";
 else
 $set_host_regex_value="";
 
-- 
1.8.3.2
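Review bot: The `htmlentities()` call on the added line passes no charset, and PHP's default changed from ISO-8859-1 to UTF-8 in 5.4, so the same `host_regex` can be encoded differently depending on the runtime. Naming the charset that matches the page (presumably UTF-8; confirm against the emitted Content-Type) keeps the output encoding predictable: `$set_host_regex_value="value='" . htmlspecialchars($user['host_regex'], ENT_QUOTES, 'UTF-8') . "'";`. `ENT_QUOTES` is the right flag here because the value sits inside a single-quoted attribute, where the default flags would leave `'` unencoded. Only this one output point is visible; any other place that writes `$user['host_regex']` into the page needs the same encoding, which this hunk cannot confirm. The `if ( $context == "cluster" )` block continues past the end of the hunk.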