diff options
author | VirtualTam <virtualtam@flibidi.net> | 2018-01-04 15:53:48 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2018-01-04 18:18:11 +0100 |
commit | aadec30ecd068a48ae3cbc920eff9f6ee47a24ed (patch) | |
tree | fd40bc77af1aed944873079bc8386ae150eac24e /index.php | |
parent | 8868f3ca461011a8fb6dd9f90b60ed697ab52fc5 (diff) | |
download | Shaarli-aadec30ecd068a48ae3cbc920eff9f6ee47a24ed.tar.gz Shaarli-aadec30ecd068a48ae3cbc920eff9f6ee47a24ed.tar.zst Shaarli-aadec30ecd068a48ae3cbc920eff9f6ee47a24ed.zip |
Fix XSS vulnerability
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -459,7 +459,7 @@ if (isset($_POST['login'])) | |||
459 | else | 459 | else |
460 | { | 460 | { |
461 | ban_loginFailed($conf); | 461 | ban_loginFailed($conf); |
462 | $redir = '&username='. $_POST['login']; | 462 | $redir = '&username='. urlencode($_POST['login']); |
463 | if (isset($_GET['post'])) { | 463 | if (isset($_GET['post'])) { |
464 | $redir .= '&post=' . urlencode($_GET['post']); | 464 | $redir .= '&post=' . urlencode($_GET['post']); |
465 | foreach (array('description', 'source', 'title') as $param) { | 465 | foreach (array('description', 'source', 'title') as $param) { |