From 7d269b106eb68393bd422782a7f213c8116e5e19 Mon Sep 17 00:00:00 2001
From: Thierry Degeling <thierry@syn2cat.lu>
Date: Sat, 25 Apr 2015 14:45:15 +0200
Subject: [PATCH] fixing xss reported by @defane

---
 index-large.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/index-large.php b/index-large.php
index 4f6be9a..71b2a6d 100644
--- a/index-large.php
+++ b/index-large.php
@@ -1,5 +1,4 @@
 <?php
-  $code = $_GET["code"];
   $number = array('oh!', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine');
   $description = array (
     401 =>  "of something you cannot see<br />because you are not logged in",
@@ -7,11 +6,16 @@
     404 =>  'sorry, that page doesn\'t<br />exist or has been moved',
     500 =>  "of something that cannot be shown<br />because the server failed to process it"
   );
+  if ( !array_key_exists( $_GET["code"] , $description ) ) {
+    $code = '500';
+  } else {
+    $code = $_GET["code"];
+  }
 ?>
 <!doctype html>
 <html>
   <head>
-    <title>Error <?php echo $_GET["code"]?></title>
+    <title>Error <?=$code?></title>
     <meta name="robots" content="noindex">
     <style type="text/css">
       @font-face{