Changeset 18700


Timestamp:
Oct 19, 2012, 10:16:52 PM (8 years ago)
Author:
plg
Message:

merge r18699 from branch 2.4 to trunk

bug 2774 fixed: better sanitize on username_or_email user input

File:
1 edited

  • trunk/password.php

    r18063 r18700  
    327327  if (isset($_POST['username_or_email']))
    328328  {
    329     $template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email'])));
     329    $template->assign('username_or_email', htmlspecialchars(stripslashes($_POST['username_or_email'])));
    330330  }
    331331}
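Review bot: On the new line 329, htmlspecialchars() is called with the value alone, so the escaping depends on PHP's default flags and charset. With the ENT_COMPAT default used by PHP versions before 8.1, single quotes are not encoded, which leaves a gap if the template ever places username_or_email inside a single-quoted attribute. Suggest passing the flags and encoding explicitly, for example htmlspecialchars(stripslashes($_POST['username_or_email']), ENT_QUOTES, $charset), where $charset stands for whatever encoding the page is served in. It would also help to add a short comment here stating that the value is assigned already HTML-escaped, so the template does not escape it a second time.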