Changeset 17984


Ignore:
Timestamp:
Sep 18, 2012, 2:09:45 PM (8 years ago)
Author:
plg
Message:

merge r17983 from branch 2.4 to trunk

bug 2750 fixed: HTML-sanitize $_POSTusername_or_email before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/password.php

    r15578 r17984  
    325325  if (isset($_POST['username_or_email']))
    326326  {
    327     $template->assign('username_or_email', stripslashes($_POST['username_or_email']));
     327    $template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email'])));
    328328  }
    329329}
Note: See TracChangeset for help on using the changeset viewer.