aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2018-01-04 15:53:48 +0100
committerVirtualTam <virtualtam@flibidi.net>2018-01-04 18:06:49 +0100
commit5ec90c7155f7185b35feb59c47816fc4188a314d (patch)
treec27c87c14462f8bc2a706145b700b57650140a42 /index.php
parentecccb14e2ab4e5f372ea9946b29995c3c7122a5c (diff)
downloadShaarli-5ec90c7155f7185b35feb59c47816fc4188a314d.tar.gz
Shaarli-5ec90c7155f7185b35feb59c47816fc4188a314d.tar.zst
Shaarli-5ec90c7155f7185b35feb59c47816fc4188a314d.zip
Fix XSS vulnerability
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'index.php')
-rw-r--r--index.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php
index 4068a828..c26f50d1 100644
--- a/index.php
+++ b/index.php
@@ -431,7 +431,7 @@ if (isset($_POST['login']))
431 else 431 else
432 { 432 {
433 ban_loginFailed($conf); 433 ban_loginFailed($conf);
434 $redir = '&username='. $_POST['login']; 434 $redir = '&username='. urlencode($_POST['login']);
435 if (isset($_GET['post'])) { 435 if (isset($_GET['post'])) {
436 $redir .= '&post=' . urlencode($_GET['post']); 436 $redir .= '&post=' . urlencode($_GET['post']);
437 foreach (array('description', 'source', 'title', 'tags') as $param) { 437 foreach (array('description', 'source', 'title', 'tags') as $param) {