external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Properly escape passwords in the account edit form

Browse source 
Addresses FS#65639.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Lukas Fleischer 2020-02-27 16:44:04 +01:00
parent cbab9870c1
commit 4b2102ceb2
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
web/template/account_edit_form.php
View file

@ -157,12 +157,12 @@
<legend><?= __("If you want to change the password, enter a new password and confirm the new password by entering it again.") ?></legend>
<p>
<label for="id_passwd1"><?= __("Password") ?>:</label>
<input type="password" size="30" name="P" id="id_passwd1" value="<?= $P ?>" />
<input type="password" size="30" name="P" id="id_passwd1" value="<?= htmlspecialchars($P, ENT_QUOTES) ?>" />
</p>
<p>
<label for="id_passwd2"><?= __("Re-type password") ?>:</label>
<input type="password" size="30" name="C" id="id_passwd2" value="<?= $C ?>" />
<input type="password" size="30" name="C" id="id_passwd2" value="<?= htmlspecialchars($C, ENT_QUOTES) ?>" />
</p>
</fieldset>
<?php endif; ?>