Changeset 18699 for branches/2.4


Ignore:
Timestamp:
Oct 19, 2012, 10:15:37 PM (12 years ago)
Author:
plg
Message:

bug 2774 fixed: better sanitize on username_or_email user input

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/2.4/password.php

    r17983 r18699  
    325325  if (isset($_POST['username_or_email']))
    326326  {
    327     $template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email'])));
     327    $template->assign('username_or_email', htmlspecialchars(stripslashes($_POST['username_or_email'])));
    328328  }
    329329}
Note: See TracChangeset for help on using the changeset viewer.