From bd1d3e5c0409c80ef6ed72860f6984908abf85a0 Mon Sep 17 00:00:00 2001
From: maximest-pierre
Date: Fri, 23 Mar 2018 06:52:03 -0400
Subject: [PATCH] Fix xss with error message
---
 controller/action/AcquisitionActions.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/controller/action/AcquisitionActions.class.php b/controller/action/AcquisitionActions.class.php
index df4f039a..5bb6575c 100644
--- a/controller/action/AcquisitionActions.class.php
+++ b/controller/action/AcquisitionActions.class.php
@@ -32,7 +32,7 @@ class AcquisitionActions extends Actions
 {
 return ['acquisition/youtube', [
 'reward' => LBRY::youtubeReward(),
- 'error_message' => $_GET['error_message'] ?? null
+ 'error_message' => Request::encodeStringFromUser($_GET['error_message']) ?? null
 ]];
 }
@@ -51,7 +51,7 @@ class AcquisitionActions extends Actions
 return ['acquisition/youtube_status', [
 'token' => $token,
 'status_token' => LBRY::statusYoutube($token),
- 'error_message' => $_GET['error_message'] ?? null
+ 'error_message' => Request::encodeStringFromUser($_GET['error_message']) ?? null
 ]];
 }
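Review bot: In both changed lines (the `acquisition/youtube` return and the `acquisition/youtube_status` return) `$_GET['error_message']` is now read as a function argument, so the trailing `?? null` no longer guards the missing key: a request without the parameter raises an undefined-index notice and passes null to `Request::encodeStringFromUser()`, and `?error_message[]=x` passes it an array. Guard the type before encoding, e.g. `'error_message' => is_string($_GET['error_message'] ?? null) ? Request::encodeStringFromUser($_GET['error_message']) : null`. Encoding in the controller only protects the page if it matches the context in which the template prints the value, which is not visible in this diff, so the two views are worth checking alongside this change. Because the wording still comes from the URL, a link can make the page display arbitrary text even when it is encoded; mapping an error code to a fixed message would close that as well. Both enclosing method bodies start outside their hunks.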