Posted - 12/14/2020 : 19:08:00
[url="https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=104554"][blue]This Tips and Tricks topic here[/blue][/url] contains PHP code to dynamically generate canonical url and Facebook og:url entries in the [purple]<head>[/purple] of your [maroon]proddetail.php[/maroon] page.
An issue has arisen where a site was identified as [red]subject to an XSS (Cross Site Scripting) vulnerability[/red]. The culprit was identified to be this line of code:
[font=Courier New]return $url.($addprod&&@$_GET['prod']!=''?'?prod='.@$_GET['prod']:'');} ?>[/font=Courier New]
If you have used this dynamic code on your website then, on advice from Vince, please NOW REPLACE that line with the following:
[size=3][font=Courier New][red]return str_replace('"','&quot;',strip_tags($url.($addprod&&@$_GET['prod']!=''?'?prod='.@$_GET['prod']:'')));} ?>[/red][/font=Courier New][/size=3]
For more complete information, please view the relevant [url="https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=104554"][blue]Tips and Tricks topic here >>[/blue][/url]
Gary [img]https://itzap.com.au/pics/logo/itzap-website-design-works-mini-logo.png[/img]
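An added example, not part of the original post or of the ecommercetemplates code: it runs the original line, the replacement line, and an alternative built on rawurlencode() and htmlspecialchars() over the same inputs and reports whether each result stays inside a quoted HTML attribute. The function names, the base URL and the sample prod values are constructed for illustration, and it assumes the returned value is echoed into an attribute such as href.

```php
<?php
// Added example; all function names below are hypothetical.

// Shape of the original line: $_GET['prod'] is concatenated in unescaped.
function canonical_unsafe(string $url, bool $addprod, array $get): string
{
    $prod = $get['prod'] ?? '';
    return $url . ($addprod && $prod !== '' ? '?prod=' . $prod : '');
}

// The replacement line from the post: strip tags, then encode double quotes.
function canonical_patched(string $url, bool $addprod, array $get): string
{
    return str_replace('"', '&quot;', strip_tags(canonical_unsafe($url, $addprod, $get)));
}

// Alternative: percent-encode the parameter value, then HTML-encode the
// whole URL so it is safe in either quoting style.
function canonical_encoded(string $url, bool $addprod, array $get): string
{
    $prod = $get['prod'] ?? '';
    $add  = $addprod && is_string($prod) && $prod !== '';
    $full = $url . ($add ? '?prod=' . rawurlencode($prod) : '');
    return htmlspecialchars($full, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: one normal product id, two that carry attribute delimiters.
$base    = 'https://shop.example/proddetail.php';
$samples = ['blue-widget', 'x"><b>markup</b>', "x' data-a='1"];

foreach ($samples as $prod) {
    foreach (['canonical_unsafe', 'canonical_patched', 'canonical_encoded'] as $fn) {
        $out = $fn($base, true, ['prod' => $prod]);
        // A raw delimiter in the output ends the attribute it is echoed into.
        $dq = strpos($out, '"') === false ? 'ok' : 'BREAKS';
        $sq = strpos($out, "'") === false ? 'ok' : 'BREAKS';
        printf("%-18s href=\"..\": %-6s href='..': %-6s %s\n", $fn, $dq, $sq, $out);
    }
    echo "\n";
}
```

The replacement line leaves single quotes untouched, so it protects the value only where the template wraps the attribute in double quotes.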