authorVirtualTam <virtualtam@flibidi.net>2018-01-04 15:53:48 +0100
committerVirtualTam <virtualtam@flibidi.net>2018-01-04 15:53:48 +0100
commit65c002ca1846ff09a6d97c6e3ce521bb6dccb741 (patch)
tree1457873d3dbb5d8279dac930c8e7110b720151a8
parentb6b53143fcbc5834d8c06399630fa86a2586a030 (diff)
Fix XSS vulnerability
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
-rw-r--r--index.php2
1 files changed, 1 insertions, 1 deletions
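--- a/index.php
+++ b/index.php
@@ -436,7 +436,7 @@ if (isset($_POST['login']))
 else
 {
 ban_loginFailed($conf);
-$redir = '&username='. $_POST['login'];
+$redir = '&username='. urlencode($_POST['login']);
 if (isset($_GET['post'])) {
 $redir .= '&post=' . urlencode($_GET['post']);
 foreach (array('description', 'source', 'title', 'tags') as $param) {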
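Review bot: The `foreach` at new line 442 appends four more request parameters (`description`, `source`, `title`, `tags`) to `$redir`, but its body lies outside the hunk, so it cannot be confirmed from here that they get the same `urlencode()` treatment as lines 439 and 441. The place where `$redir` is finally emitted is also not visible; percent-encoding is the right escape for a query-string value, but any page that reads `username` back and prints it still needs `htmlspecialchars()` at that output. Because encoding is applied per concatenation, a future parameter can easily miss it. I would add a comment above line 439 such as `// every request value appended to $redir must be urlencode()d before it is sent back to the client`, and a regression test that posts a login containing quotes and angle brackets.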