From aadec30ecd068a48ae3cbc920eff9f6ee47a24ed Mon Sep 17 00:00:00 2001
From: VirtualTam <virtualtam@flibidi.net>
Date: Thu, 4 Jan 2018 15:53:48 +0100
Subject: [PATCH] Fix XSS vulnerability

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index b4ccd1bd..d81712a6 100644
--- a/index.php
+++ b/index.php
@@ -459,7 +459,7 @@ if (isset($_POST['login']))
     else
     {
         ban_loginFailed($conf);
-        $redir = '&username='. $_POST['login'];
+        $redir = '&username='. urlencode($_POST['login']);
         if (isset($_GET['post'])) {
             $redir .= '&post=' . urlencode($_GET['post']);
             foreach (array('description', 'source', 'title') as $param) {
-- 
2.41.0