diff -Nur phpki/phpki-0.82/include/common.php phpki_bz10626/phpki-0.82/include/common.php
--- phpki/phpki-0.82/include/common.php	2018-10-08 09:20:21.526025640 +0200
+++ phpki_bz10626/phpki-0.82/include/common.php	2018-10-08 09:22:31.486656132 +0200
@@ -7,8 +7,7 @@
 else
 	$PHPki_user = md5('default');
 
-$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
-
+$PHP_SELF = htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF'], ENT_QUOTES, "utf-8");
 
 function printHeader($withmenu="default") {
 	global $config;
diff -Nur phpki/phpki-0.82/include/my_functions.php phpki_bz10626/phpki-0.82/include/my_functions.php
--- phpki/phpki-0.82/include/my_functions.php	2018-10-08 09:20:21.576025882 +0200
+++ phpki_bz10626/phpki-0.82/include/my_functions.php	2018-10-08 09:22:39.688695907 +0200
@@ -1,6 +1,6 @@
 <?php
 
-$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
+$PHP_SELF = htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF'], ENT_QUOTES, "utf-8");
 
 #
 # Returns TRUE if browser is Internet Explorer.