aboutsummaryrefslogtreecommitdiffstats
path: root/password.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2012-09-18 12:07:54 +0000
committerplegall <plg@piwigo.org>2012-09-18 12:07:54 +0000
commit8ec14404d1ea316960e6c45971f2c05045bf6822 (patch)
tree3e845d3faf5b0fffcc495aa176e78c3f9fdc9369 /password.php
parentb43df041d4fec796f8fa9a9db367fb40bd61fd8b (diff)
bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...) Original report by Stefan Schurtz via Secunia SVCRP git-svn-id: http://piwigo.org/svn/branches/2.4@17983 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'password.php')
-rw-r--r--password.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/password.php b/password.php
index 58b8ece3a..0c4ecd05e 100644
--- a/password.php
+++ b/password.php
@@ -324,7 +324,7 @@ if ('lost' == $page['action'])
if (isset($_POST['username_or_email']))
{
- $template->assign('username_or_email', stripslashes($_POST['username_or_email']));
+ $template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email'])));
}
}