
Update install.php#60

Open
hugbubby wants to merge 2 commits into master from hugbubby-patch-18

Conversation

@hugbubby

No description provided.

@zeropath-ai

zeropath-ai bot commented Nov 29, 2025

Possible security or compliance issues detected. Reviewed everything up to be6ed0c.

The following issues were found:

  • Cross Site Scripting (XSS)
    • Location: install.php:12-13
    • Score: CRITICAL (90.0)
    • Description: The code directly echoes the GET parameter 'asdf' without any validation or encoding (echo $_GET['asdf'];). This is a reflected Cross-Site Scripting (XSS) vulnerability: an attacker can craft a URL such as /install.php?asdf=<script>...</script> to execute arbitrary JavaScript in the context of the site for any user who visits the URL.
    • Link to UI: https://zeropath.com/app/issues/fd9e90aa-04c8-4dc1-b940-cd4dc4fbb7dd
Security Overview
Detected Code Changes
  Change Type: Other
  Relevant files: install.php (Added output of $_GET['asdf'])

Reply to this PR with @zeropath-ai followed by a description of what change you want and we'll auto-submit a change to this PR to implement it.

@zeropath-ai-dev

zeropath-ai-dev bot commented Nov 29, 2025

No security or compliance issues detected. Reviewed everything up to 3b6375a.

Security Overview
Detected Code Changes
  Change Type: Other
  Relevant files: install.php (Add GET parameter handling)

Reply to this PR with @zeropath-ai followed by a description of what change you want and we'll auto-submit a change to this PR to implement it.

install.php Outdated
Comment on lines +12 to +13
echo $_GET['asdf'];


Reflected XSS Vulnerability in install.php via 'asdf' Parameter (Severity: HIGH)

This reflected cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary JavaScript in a user's browser, potentially leading to account compromise or data theft. The install.php script directly echoes unsanitized input from the asdf GET parameter, as seen on lines 12-13, which causes any provided JavaScript code to be rendered in the response. An attacker can craft a malicious URL containing JavaScript, and when a user visits this link, the script will execute within their browser.
View details in ZeroPath

Suggested change
echo $_GET['asdf'];
if (isset($_GET['asdf'])) {
echo htmlspecialchars($_GET['asdf'], ENT_QUOTES, 'UTF-8');
}
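Review bot: the suggested `htmlspecialchars($_GET['asdf'], ENT_QUOTES, 'UTF-8')` is the right encoder for an HTML text or quoted-attribute context, but the `'UTF-8'` argument only matches reality if the response is actually served as UTF-8; install.php should send `Content-Type: text/html; charset=UTF-8` (or the surrounding page must already declare that charset), otherwise the encoder's assumption and the browser's interpretation can disagree. The suggestion also leaves open why an installer reflects a request parameter named `asdf` at all; if this is a leftover test line, deleting the `echo` is a smaller and safer fix than encoding its output.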

install.php Outdated
Comment on lines +12 to +13
echo $_GET['asdf'];


Reflected XSS Vulnerability in install.php via GET Parameter (Severity: HIGH)

This reflected cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript in a user's browser, potentially leading to session hijacking or defacement. The install.php script directly outputs the value of the asdf GET parameter on lines 12-13 using echo $_GET['asdf'] without any sanitization. This allows an attacker to inject malicious scripts into the page by crafting a URL with a JavaScript payload in the asdf parameter.
View details in ZeroPath

Suggested change
echo $_GET['asdf'];
if (isset($_GET['asdf']) && $_GET['asdf'] !== '') {
echo htmlspecialchars($_GET['asdf'], ENT_QUOTES, 'UTF-8');
}
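Review bot: the added `$_GET['asdf'] !== ''` guard does not change behaviour compared with the first suggestion on this file, since `echo` of an empty string produces no output; the two suggestions are otherwise identical, so one of the duplicate review threads should be resolved rather than both applied. The same context caveat applies here: `htmlspecialchars` is sufficient only when the value lands in HTML text or a quoted attribute, not when it is placed inside a `<script>` block, an event handler or a URL.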

@zeropath-ai-staging

zeropath-ai-staging bot commented Nov 29, 2025

No security or compliance issues detected. Reviewed everything up to 3b6375a.

Security Overview
Detected Code Changes
  Change Type: Other
  Relevant files: install.php (Added code block using $_GET)

Reply to this PR with @zeropath-ai followed by a description of what change you want and we'll auto-submit a change to this PR to implement it.

@hugbubby hugbubby closed this Nov 29, 2025
@hugbubby hugbubby reopened this Nov 29, 2025
Co-authored-by: zeropath-ai[bot] <172699233+zeropath-ai[bot]@users.noreply.github.com>
@hugbubby hugbubby closed this Feb 12, 2026
@r0path r0path reopened this Mar 23, 2026
