Fix XSS vulnerability

author VirtualTam <virtualtam@flibidi.net>

Thu, 4 Jan 2018 14:53:48 +0000 (15:53 +0100)

committer VirtualTam <virtualtam@flibidi.net>

Thu, 4 Jan 2018 14:53:48 +0000 (15:53 +0100)
author VirtualTam <virtualtam@flibidi.net>
Thu, 4 Jan 2018 14:53:48 +0000 (15:53 +0100)
committer VirtualTam <virtualtam@flibidi.net>
Thu, 4 Jan 2018 14:53:48 +0000 (15:53 +0100)
diff --git a/index.php b/index.php

index 9d5f25eaf6bddc0b637db9264d9a5305fa72c40e..27335a3692997c29a45094484c4b3185f5c5c1e1 100644 (file)
--- a/index.php
+++ b/index.php
@@ -436,7 +436,7 @@ if (isset($_POST['login']))
      else
      {
          ban_loginFailed($conf);
-        $redir = '&username='. $_POST['login'];
+        $redir = '&username='. urlencode($_POST['login']);
          if (isset($_GET['post'])) {
              $redir .= '&post=' . urlencode($_GET['post']);
              foreach (array('description', 'source', 'title', 'tags') as $param) {
author	VirtualTam <virtualtam@flibidi.net>
	Thu, 4 Jan 2018 14:53:48 +0000 (15:53 +0100)
committer	VirtualTam <virtualtam@flibidi.net>
	Thu, 4 Jan 2018 14:53:48 +0000 (15:53 +0100)