From 5343feef33069ea26c27484e529077a416cb1db4 Mon Sep 17 00:00:00 2001
From: Damian Schwyrz
Date: Sat, 11 Jun 2016 16:18:13 +0200
Subject: [PATCH] Small XSS Fix

Unlikely, but under certain preconditions it's possible to manipulate $_SERVER['SERVER_SOFTWARE'].
---
 inc/sysinfo.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/sysinfo.php b/inc/sysinfo.php
index ffd9906..e5d9af1 100755
--- a/inc/sysinfo.php
+++ b/inc/sysinfo.php
@@ -200,7 +200,7 @@ public function get( $show_inactive = false, $id = 'system-info-box', $class = n
 $return .= "\n" . '-- Webserver Configuration' . "\n\n";
 $return .= 'PHP Version: ' . PHP_VERSION . "\n";
 $return .= 'MySQL Version: ' . mysql_get_server_info() . "\n";
-$return .= 'Webserver Info: ' . $_SERVER['SERVER_SOFTWARE'] . "\n";
+$return .= 'Webserver Info: ' . esc_html($_SERVER['SERVER_SOFTWARE']) . "\n";
 
 if( has_filter( 'ssi_after_webserver_config' ) )
 $return .= apply_filters( 'ssi_after_webserver_config', $return );
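Review bot: `esc_html()` on the added line escapes for an HTML body context, but `$return` is being assembled as a newline-delimited plain-text report, so whether this is the right escaper depends on where `get()` finally emits it — if the text is shown inside a `<textarea>`, WordPress's `esc_textarea()` is the matching helper, and if the same string is also written to a file or sent by email the entities will appear literally. Escaping is normally applied at the point of output rather than baked into the collected string, so consider leaving the value raw here and escaping in the renderer; the 'PHP Version' and 'MySQL Version' lines in the same hunk are emitted unescaped, which is only safe if that renderer escapes everything it prints. `$_SERVER['SERVER_SOFTWARE']` is also not guaranteed to exist (CLI and some FastCGI setups omit it), so the new line can raise an undefined-index notice; `$server_software = isset( $_SERVER['SERVER_SOFTWARE'] ) ? $_SERVER['SERVER_SOFTWARE'] : '';` followed by `$return .= 'Webserver Info: ' . esc_html( $server_software ) . "\n";` covers that case. The enclosing `get()` method starts before and continues after the hunk.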