authorVirtualTam <virtualtam@flibidi.net>2018-01-04 15:53:48 +0100
committerVirtualTam <virtualtam@flibidi.net>2018-01-04 18:18:11 +0100
commitaadec30ecd068a48ae3cbc920eff9f6ee47a24ed (patch)
treefd40bc77af1aed944873079bc8386ae150eac24e
parent8868f3ca461011a8fb6dd9f90b60ed697ab52fc5 (diff)
Fix XSS vulnerability
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
-rw-r--r--index.php2
1 files changed, 1 insertions, 1 deletions
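--- a/index.php
+++ b/index.php
@@ -459,7 +459,7 @@ if (isset($_POST['login']))
 else
 {
 ban_loginFailed($conf);
-$redir = '&username='. $_POST['login'];
+$redir = '&username='. urlencode($_POST['login']);
 if (isset($_GET['post'])) {
 $redir .= '&post=' . urlencode($_GET['post']);
 foreach (array('description', 'source', 'title') as $param) {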
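Review bot: The `urlencode()` added on line 462 only protects the redirect URL. The XSS sink is presumably wherever the login page echoes `username` back, which is not visible in this hunk, so that output should be confirmed to be HTML-escaped (for example with `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`) rather than relying on the encoding here alone. Separately, `isset($_POST['login'])` also passes when the field is submitted as an array, and `urlencode()` then receives a non-string; a guard such as `$redir = '&username=' . urlencode(is_string($_POST['login']) ? $_POST['login'] : '');` keeps the failed-login path well-defined. A short comment like `// encode: value is attacker-controlled and reflected into the redirect` would record why the call is there. The enclosing `else` branch and the `foreach` body continue outside the hunk.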