From: VirtualTam
Date: Thu, 4 Jan 2018 17:04:34 +0000 (+0100)
Subject: Merge pull request #1046 from virtualtam/security/login-xss
X-Git-Tag: v0.9.4~16
X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=17dee65651445de9abf377c962a45d71c9ad0f91;hp=b6b53143fcbc5834d8c06399630fa86a2586a030;p=github%2Fshaarli%2FShaarli.git
Merge pull request #1046 from virtualtam/security/login-xss Fix XSS vulnerability
---
diff --git a/index.php b/index.php
index 9d5f25ea..27335a36 100644
--- a/index.php
+++ b/index.php
@@ -436,7 +436,7 @@ if (isset($_POST['login']))
 else
 {
 ban_loginFailed($conf);
- $redir = '&username='. $_POST['login'];
+ $redir = '&username='. urlencode($_POST['login']);
 if (isset($_GET['post'])) {
 $redir .= '&post=' . urlencode($_GET['post']);
 foreach (array('description', 'source', 'title', 'tags') as $param) {
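Review bot: The added `urlencode()` on the `$redir` line escapes the username for a query string, but the statement that finally emits `$redir` lies below the hunk, so this diff alone cannot confirm that URL-encoding is the right escaping for that sink. If `$redir` is written into HTML or an inline script rather than only into a `Location` header, that output point should apply its own context-specific encoding, and the login form that reads `username` back should HTML-escape it. `$_POST['login']` can also arrive as an array, so a guard such as `is_string($_POST['login']) ? urlencode($_POST['login']) : ''` would keep the value's type predictable. A short comment such as `// user-controlled: encode before it is reflected in the redirect` would record why the call is there. The enclosing `else` block starts above the hunk and continues past it.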