Fix XSS vulnerability

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
author: VirtualTam <virtualtam@flibidi.net> 2018-01-04 15:53:48 +0100
committer: VirtualTam <virtualtam@flibidi.net> 2018-01-04 15:53:48 +0100
commit: 65c002ca1846ff09a6d97c6e3ce521bb6dccb741 (patch)
tree: 1457873d3dbb5d8279dac930c8e7110b720151a8 /index.php
parent: b6b53143fcbc5834d8c06399630fa86a2586a030 (diff)
download: Shaarli-65c002ca1846ff09a6d97c6e3ce521bb6dccb741.tar.gz
Shaarli-65c002ca1846ff09a6d97c6e3ce521bb6dccb741.tar.zst
Shaarli-65c002ca1846ff09a6d97c6e3ce521bb6dccb741.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php
index 9d5f25ea..27335a36 100644
--- a/index.php
+++ b/index.php
@@ -436,7 +436,7 @@ if (isset($_POST['login']))
    else
    {
        ban_loginFailed($conf);
-        $redir = '&username='. $_POST['login'];
+        $redir = '&username='. urlencode($_POST['login']);
        if (isset($_GET['post'])) {
            $redir .= '&post=' . urlencode($_GET['post']);
            foreach (array('description', 'source', 'title', 'tags') as $param) {
author	VirtualTam <virtualtam@flibidi.net>	2018-01-04 15:53:48 +0100
committer	VirtualTam <virtualtam@flibidi.net>	2018-01-04 15:53:48 +0100
commit	65c002ca1846ff09a6d97c6e3ce521bb6dccb741 (patch)
tree	1457873d3dbb5d8279dac930c8e7110b720151a8 /index.php
parent	b6b53143fcbc5834d8c06399630fa86a2586a030 (diff)
download	Shaarli-65c002ca1846ff09a6d97c6e3ce521bb6dccb741.tar.gz Shaarli-65c002ca1846ff09a6d97c6e3ce521bb6dccb741.tar.zst Shaarli-65c002ca1846ff09a6d97c6e3ce521bb6dccb741.zip

diff --git a/index.php b/index.php index 9d5f25ea..27335a36 100644 --- a/index.php +++ b/index.php
@@ -436,7 +436,7 @@ if (isset($_POST['login']))
436	else	436	else
437	{	437	{
438	ban_loginFailed($conf);	438	ban_loginFailed($conf);
439	$redir = '&username='. $_POST['login'];	439	$redir = '&username='. urlencode($_POST['login']);
440	if (isset($_GET['post'])) {	440	if (isset($_GET['post'])) {
441	$redir .= '&post=' . urlencode($_GET['post']);	441	$redir .= '&post=' . urlencode($_GET['post']);
442	foreach (array('description', 'source', 'title', 'tags') as $param) {	442	foreach (array('description', 'source', 'title', 'tags') as $param) {