From e017b5c88321c980285ee0ccfdcccb36daef3943 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Thu, 25 Dec 2025 20:33:23 +0100
Subject: [PATCH] Minor security fix for XSS vulnerability - previously mitigated by CSP

---
 chat.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/chat.php b/chat.php
index 0ed230c..7b4f291 100644
--- a/chat.php
+++ b/chat.php
@@ -2228,14 +2228,14 @@ function send_del_confirm(): void
 echo hidden('multi', 'on');
 }
 if(isset($_POST['sendto'])){
- echo hidden('sendto', $_POST['sendto']);
+ echo hidden('sendto', htmlspecialchars($_POST['sendto']));
 }
- echo hidden('confirm', 'yes').hidden('what', $_POST['what']).submit(_('Yes'), 'class="delbutton"').''.form('post');
+ echo hidden('confirm', 'yes').hidden('what', htmlspecialchars($_POST['what'])).submit(_('Yes'), 'class="delbutton"').''.form('post');
 if(isset($_POST['multi'])){
 echo hidden('multi', 'on');
 }
 if(isset($_POST['sendto'])){
- echo hidden('sendto', $_POST['sendto']);
+ echo hidden('sendto', htmlspecialchars($_POST['sendto']));
 }
 echo submit(_('No'), 'class="backbutton"').'';
 print_end();
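Review bot: The three new `htmlspecialchars()` calls escape at the call site rather than at the sink, so every other `hidden()` caller that passes request data stays unescaped unless someone remembers to wrap it; if `hidden()` is the only place that builds the `value="…"` attribute, escaping inside it (and dropping the per-call wrappers) closes the whole class of bugs rather than these three instances. The calls also rely on PHP's default flags, which only include `ENT_QUOTES | ENT_SUBSTITUTE` from 8.1 on; passing them explicitly, e.g. `htmlspecialchars($_POST['what'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, makes the attribute-context escaping independent of the runtime version. Unlike `sendto`, `$_POST['what']` is used without an `isset()` guard, and in PHP 8 `htmlspecialchars()` on a missing or array-valued key raises a deprecation or `TypeError` rather than silently emitting an empty value, so the new line presumably needs a `?? ''` or a string check if `what` is not guaranteed by the caller. `send_del_confirm()` starts before this hunk and its closing brace is outside it.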