Changeset 17983


Timestamp: 09/18/12 14:07:54 (7 years ago)
Author: plg
Message:

bug 2750 fixed: HTML-sanitize $_POSTusername_or_email before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP

File:
1 edited

  • branches/2.4/password.php

    r15578 r17983  
    325325  if (isset($_POST['username_or_email'])) 
    326326  { 
    327     $template->assign('username_or_email', stripslashes($_POST['username_or_email'])); 
     327    $template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email']))); 
    328328  } 
    329329} 
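Review bot: strip_tags() on the new line 327 is input filtering, not output encoding, so the value handed to $template->assign() can still carry quote characters and ampersands. If the template echoes username_or_email inside an HTML attribute (for example the value of the form field), removing tags alone does not keep the string from closing that attribute. Encoding at the point of assignment would cover both contexts, e.g. htmlspecialchars(stripslashes($_POST['username_or_email']), ENT_QUOTES, 'UTF-8'), unless the template layer already escapes this variable. A smaller point: strip_tags() runs here before stripslashes(), so it parses the still-slashed input. Calling stripslashes() first would make the filter operate on the same string that is later displayed.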