Release v0.9.3

-----BEGIN PGP SIGNATURE-----
 
 iQFLBAABCAA1FiEEEv0k8DWUT53dSMUkR6bSrUEA328FAlpOYNkXHHZpcnR1YWx0
 YW1AZmxpYmlkaS5uZXQACgkQR6bSrUEA329Qggf/TCRMsuYsL3TtgxeEAwZh+fPG
 TmfsVUpc+3fnfZCYQAPZ4JXzGTvqrPKRewm3xuIj/s+46y5vxLoppLBN9ULhG97F
 rTllSWvl252+A+COZlSNQYRfUt4gmtm4hS7iUTrTzzTLZkuwhr8vkj05+b+gI9N6
 IT76HX/5onKUhZh+5L2ipFRF3KHBcwCaJbUOUT0YtEL/LqcT/F6oPnoagYLfgYDw
 I1E8ewcXyO8aMw98dghGg2xwIHytljRqqZXMUDs03n+50KFwPmP3CzZbohfW5uMV
 KsY79gB79B4pLoB9Slp3vypsoEL8wbfgZCLzMLlqr93xdztOp+bG9MQ9yvInjg==
 =2XAs
 -----END PGP SIGNATURE-----

Merge tag 'v0.9.3' into latest

Release v0.9.3

AUTHORS

@@ -1,5 +1,5 @@
-   537	ArthurHoaro <arthur@hoa.ro>
-   252	VirtualTam <virtualtam@flibidi.net>
+   542	ArthurHoaro <arthur@hoa.ro>
+   255	VirtualTam <virtualtam@flibidi.net>
    148	nodiscc <nodiscc@gmail.com>
     56	Sébastien Sauvage <sebsauvage@sebsauvage.net>
     15	Florian Eula <eula.florian@gmail.com>

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [v0.9.3](https://github.com/shaarli/Shaarli/releases/tag/v0.9.3) - 2018-01-04
+
+**XSS vulnerability fixed. Please update.**
+
+### Security
+- Fix an XSS (cross-site-scripting) vulnerability in `index.php`
+
+
 ## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07
 
 **Major security issue fixed. Please update.**

index.php

@@ -431,7 +431,7 @@ if (isset($_POST['login']))
     else
     {
         ban_loginFailed($conf);
-        $redir = '&username='. $_POST['login'];
+        $redir = '&username='. urlencode($_POST['login']);
         if (isset($_GET['post'])) {
             $redir .= '&post=' . urlencode($_GET['post']);
             foreach (array('description', 'source', 'title', 'tags') as $param) {

shaarli_version.php

@@ -1 +1 @@
-<?php /* 0.9.2 */ ?>
+<?php /* 0.9.3 */ ?>