web/template/login_form.php: Escape the request URI

Reported-by: Thomas Bächler <thomas@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Lukas Fleischer 2011-09-05 16:56:09 +02:00
parent 1b63994b8d
commit 20b20c20f2


@ -11,7 +11,7 @@ elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']))
print "<span class='error'>" . $login_error . "</span><br />\n"; print "<span class='error'>" . $login_error . "</span><br />\n";
} }
?> ?>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>"> <form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>">
<div> <div>
<label for="user"><?php print __('Username') . ':'; ?></label> <label for="user"><?php print __('Username') . ':'; ?></label>
<input type="text" name="user" id="user" size="30" maxlength="<?php print USERNAME_MAX_LEN; ?>" value="<?php <input type="text" name="user" id="user" size="30" maxlength="<?php print USERNAME_MAX_LEN; ?>" value="<?php
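Review bot: The new `htmlspecialchars()` call on the form's `action` attribute omits the encoding argument, so the escaping follows PHP's version-dependent default charset rather than the charset the page is actually served with. Passing it explicitly keeps the two in agreement: `<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') ?>` (this assumes the template is served as UTF-8, which is not visible here). The context lines also print `$login_error` into the error span and open a `value="<?php` expression for the username field that continues outside the hunk; whether either value is escaped cannot be seen from here and is worth checking in the same pass. The enclosing `elseif` block begins above the hunk.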