Merge pull request #1046 from virtualtam/security/login-xss

Fix XSS vulnerability
2018-01-04 18:04:34 +01:00 · 2018-01-04 18:04:34 +01:00 · 17dee65651
parent b6b53143fc 65c002ca18
commit 17dee65651
1 changed files with 1 additions and 1 deletions
--- a/index.php
+++ b/index.php
@ -436,7 +436,7 @@ if (isset($_POST['login']))
    else
    {
        ban_loginFailed($conf);
-        $redir = '&username='. $_POST['login'];
+        $redir = '&username='. urlencode($_POST['login']);
        if (isset($_GET['post'])) {
            $redir .= '&post=' . urlencode($_GET['post']);
            foreach (array('description', 'source', 'title', 'tags') as $param) {