diff options
| author | VirtualTam <virtualtam@flibidi.net> | 2018-01-04 15:53:48 +0100 |
|---|---|---|
| committer | VirtualTam <virtualtam@flibidi.net> | 2018-01-04 18:06:49 +0100 |
| commit | 5ec90c7155f7185b35feb59c47816fc4188a314d (patch) | |
| tree | c27c87c14462f8bc2a706145b700b57650140a42 | |
| parent | ecccb14e2ab4e5f372ea9946b29995c3c7122a5c (diff) | |
| download | Shaarli-5ec90c7155f7185b35feb59c47816fc4188a314d.tar.gz Shaarli-5ec90c7155f7185b35feb59c47816fc4188a314d.tar.zst Shaarli-5ec90c7155f7185b35feb59c47816fc4188a314d.zip | |
Fix XSS vulnerability
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| -rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
| @@ -431,7 +431,7 @@ if (isset($_POST['login'])) | |||
| 431 | else | 431 | else |
| 432 | { | 432 | { |
| 433 | ban_loginFailed($conf); | 433 | ban_loginFailed($conf); |
| 434 | $redir = '&username='. $_POST['login']; | 434 | $redir = '&username='. urlencode($_POST['login']); |
| 435 | if (isset($_GET['post'])) { | 435 | if (isset($_GET['post'])) { |
| 436 | $redir .= '&post=' . urlencode($_GET['post']); | 436 | $redir .= '&post=' . urlencode($_GET['post']); |
| 437 | foreach (array('description', 'source', 'title', 'tags') as $param) { | 437 | foreach (array('description', 'source', 'title', 'tags') as $param) { |