author | VirtualTam <virtualtam@flibidi.net> | 2018-01-04 15:53:48 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2018-01-04 18:06:49 +0100 |
commit | 5ec90c7155f7185b35feb59c47816fc4188a314d (patch) | |
tree | c27c87c14462f8bc2a706145b700b57650140a42 /index.php | |
parent | ecccb14e2ab4e5f372ea9946b29995c3c7122a5c (diff) | |
Fix XSS vulnerability
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
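--- a/index.php
+++ b/index.php
@@ -431,7 +431,7 @@ if (isset($_POST['login']))
 else
 {
 ban_loginFailed($conf);
-$redir = '&username='. $_POST['login'];
+$redir = '&username='. urlencode($_POST['login']);
 if (isset($_GET['post'])) {
 $redir .= '&post=' . urlencode($_GET['post']);
 foreach (array('description', 'source', 'title', 'tags') as $param) {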
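Review bot: `urlencode()` on the changed `$redir` line only makes the login name safe inside the redirect query string; it does not protect the place where `username` is later read back and printed, which is presumably where the script injection rendered. That sink is not visible in this hunk and should escape for HTML on output, for example `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` or the template engine's own escaping. I would add a comment above the line, `// URL-encoded for the redirect only; the login form must HTML-escape username when rendering it`. The `foreach` over `description`, `source`, `title` and `tags` opens on the last line and its body lies outside the hunk, so confirm those values get the same `urlencode()` treatment as `post`.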