diff options
author | VirtualTam <virtualtam@flibidi.net> | 2018-01-04 15:53:48 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2018-01-04 15:53:48 +0100 |
commit | 65c002ca1846ff09a6d97c6e3ce521bb6dccb741 (patch) | |
tree | 1457873d3dbb5d8279dac930c8e7110b720151a8 /index.php | |
parent | b6b53143fcbc5834d8c06399630fa86a2586a030 (diff) | |
download | Shaarli-65c002ca1846ff09a6d97c6e3ce521bb6dccb741.tar.gz Shaarli-65c002ca1846ff09a6d97c6e3ce521bb6dccb741.tar.zst Shaarli-65c002ca1846ff09a6d97c6e3ce521bb6dccb741.zip |
Fix XSS vulnerability
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -436,7 +436,7 @@ if (isset($_POST['login'])) | |||
436 | else | 436 | else |
437 | { | 437 | { |
438 | ban_loginFailed($conf); | 438 | ban_loginFailed($conf); |
439 | $redir = '&username='. $_POST['login']; | 439 | $redir = '&username='. urlencode($_POST['login']); |
440 | if (isset($_GET['post'])) { | 440 | if (isset($_GET['post'])) { |
441 | $redir .= '&post=' . urlencode($_GET['post']); | 441 | $redir .= '&post=' . urlencode($_GET['post']); |
442 | foreach (array('description', 'source', 'title', 'tags') as $param) { | 442 | foreach (array('description', 'source', 'title', 'tags') as $param) { |