Fix XSS vulnerability

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
author: VirtualTam <virtualtam@flibidi.net> 2018-01-04 15:53:48 +0100
committer: VirtualTam <virtualtam@flibidi.net> 2018-01-04 18:18:11 +0100
commit: aadec30ecd068a48ae3cbc920eff9f6ee47a24ed (patch)
tree: fd40bc77af1aed944873079bc8386ae150eac24e /index.php
parent: 8868f3ca461011a8fb6dd9f90b60ed697ab52fc5 (diff)
download: Shaarli-aadec30ecd068a48ae3cbc920eff9f6ee47a24ed.tar.gz
Shaarli-aadec30ecd068a48ae3cbc920eff9f6ee47a24ed.tar.zst
Shaarli-aadec30ecd068a48ae3cbc920eff9f6ee47a24ed.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php
index b4ccd1bd..d81712a6 100644
--- a/index.php
+++ b/index.php
@@ -459,7 +459,7 @@ if (isset($_POST['login']))
    else
    {
        ban_loginFailed($conf);
-        $redir = '&username='. $_POST['login'];
+        $redir = '&username='. urlencode($_POST['login']);
        if (isset($_GET['post'])) {
            $redir .= '&post=' . urlencode($_GET['post']);
            foreach (array('description', 'source', 'title') as $param) {
author	VirtualTam <virtualtam@flibidi.net>	2018-01-04 15:53:48 +0100
committer	VirtualTam <virtualtam@flibidi.net>	2018-01-04 18:18:11 +0100
commit	aadec30ecd068a48ae3cbc920eff9f6ee47a24ed (patch)
tree	fd40bc77af1aed944873079bc8386ae150eac24e /index.php
parent	8868f3ca461011a8fb6dd9f90b60ed697ab52fc5 (diff)
download	Shaarli-aadec30ecd068a48ae3cbc920eff9f6ee47a24ed.tar.gz Shaarli-aadec30ecd068a48ae3cbc920eff9f6ee47a24ed.tar.zst Shaarli-aadec30ecd068a48ae3cbc920eff9f6ee47a24ed.zip

diff --git a/index.php b/index.php index b4ccd1bd..d81712a6 100644 --- a/index.php +++ b/index.php
@@ -459,7 +459,7 @@ if (isset($_POST['login']))
459	else	459	else
460	{	460	{
461	ban_loginFailed($conf);	461	ban_loginFailed($conf);
462	$redir = '&username='. $_POST['login'];	462	$redir = '&username='. urlencode($_POST['login']);
463	if (isset($_GET['post'])) {	463	if (isset($_GET['post'])) {
464	$redir .= '&post=' . urlencode($_GET['post']);	464	$redir .= '&post=' . urlencode($_GET['post']);
465	foreach (array('description', 'source', 'title') as $param) {	465	foreach (array('description', 'source', 'title') as $param) {