diff options
author | VirtualTam <virtualtam+github@flibidi.net> | 2018-01-04 18:04:34 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-04 18:04:34 +0100 |
commit | 17dee65651445de9abf377c962a45d71c9ad0f91 (patch) | |
tree | 1457873d3dbb5d8279dac930c8e7110b720151a8 | |
parent | b6b53143fcbc5834d8c06399630fa86a2586a030 (diff) | |
parent | 65c002ca1846ff09a6d97c6e3ce521bb6dccb741 (diff) | |
download | Shaarli-17dee65651445de9abf377c962a45d71c9ad0f91.tar.gz Shaarli-17dee65651445de9abf377c962a45d71c9ad0f91.tar.zst Shaarli-17dee65651445de9abf377c962a45d71c9ad0f91.zip |
Merge pull request #1046 from virtualtam/security/login-xss
Fix XSS vulnerability
-rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -436,7 +436,7 @@ if (isset($_POST['login'])) | |||
436 | else | 436 | else |
437 | { | 437 | { |
438 | ban_loginFailed($conf); | 438 | ban_loginFailed($conf); |
439 | $redir = '&username='. $_POST['login']; | 439 | $redir = '&username='. urlencode($_POST['login']); |
440 | if (isset($_GET['post'])) { | 440 | if (isset($_GET['post'])) { |
441 | $redir .= '&post=' . urlencode($_GET['post']); | 441 | $redir .= '&post=' . urlencode($_GET['post']); |
442 | foreach (array('description', 'source', 'title', 'tags') as $param) { | 442 | foreach (array('description', 'source', 'title', 'tags') as $param) { |