From 750b789d51aef79f82dd322599ee4ad3e0ef2276 Mon Sep 17 00:00:00 2001
From: mattab <matthieu.aubry@gmail.com>
Date: Mon, 25 Mar 2013 18:53:03 +1300
Subject: [PATCH] Missing encode for URLs display for super user

---
 core/Controller.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/Controller.php b/core/Controller.php
index 85d333fd43..0c625bde6e 100644
--- a/core/Controller.php
+++ b/core/Controller.php
@@ -521,8 +521,9 @@ abstract class Piwik_Controller
 			$invalidUrl = Piwik_Url::getCurrentUrlWithoutQueryString($checkIfTrusted = false);
 			$validUrl = Piwik_Url::getCurrentScheme() . '://' . $validHost
 					  . Piwik_Url::getCurrentScriptName();
+            $invalidUrl = Piwik_Common::sanitizeInputValue($invalidUrl);
+            $validUrl = Piwik_Common::sanitizeInputValue($validUrl);
 
-			$validLink = "<a href=\"$validUrl\">$validUrl</a>";
 			$changeTrustedHostsUrl = "index.php"
 				. Piwik_Url::getCurrentQueryStringWithParametersModified(array(
 					'module' => 'CoreAdminHome',
-- 
GitLab