Fix for #211.

Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2025-03-01 10:31:47 +00:00 · 2018-07-31 23:51:15 +02:00
parent 2ad03e1035
commit a86c8e4553
1 changed files with 3 additions and 3 deletions
--- a/index.php
+++ b/index.php
@@ -51,10 +51,10 @@ if(!isset($_COOKIE['theme'])) {
 } else {
    $theme = $_COOKIE['theme'];
 }
-$theme_url = 'dist/css/' . $theme;
-?>

-<!DOCTYPE html>
+$theme_url = 'dist/css/'.htmlspecialchars($theme, ENT_QUOTES);
+
+?><!DOCTYPE html>
 <html lang="en">
  <head>
    <meta charset="utf-8">