Changeset 17983


Timestamp:
Sep 18, 2012, 2:07:54 PM (8 years ago)
Author:
plg
Message:

bug 2750 fixed: HTML-sanitize $_POSTusername_or_email before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP

File:
1 edited

  • branches/2.4/password.php

    r15578 r17983  
    325325  if (isset($_POST['username_or_email']))
    326326  {
    327     $template->assign('username_or_email', stripslashes($_POST['username_or_email']));
     327    $template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email'])));
    328328  }
    329329}
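
Review bot: On the added line 327, strip_tags() removes tags but does not encode the value for HTML output, so quote characters and ampersands in $_POST['username_or_email'] still reach the template unchanged; if the template echoes this value inside an attribute (for example the form field's value), tag stripping alone does not make it safe for that context. Suggest encoding at the point of assignment instead, e.g. htmlspecialchars(stripslashes($_POST['username_or_email']), ENT_QUOTES, 'UTF-8'), or applying the template engine's escaping where the variable is printed. Two smaller points on the same line: strip_tags() discards everything after a bare "<" in otherwise harmless input, and stripslashes() is still applied unconditionally, which changes any input containing backslashes when magic quotes are off.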