archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both

Browse source 
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP


git-svn-id: http://piwigo.org/svn/branches/2.4@17983 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall 2012-09-18 12:07:54 +00:00
parent b43df041d4
commit 8ec14404d1
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
password.php
View file

@ -324,7 +324,7 @@ if ('lost' == $page['action'])
if (isset($_POST['username_or_email']))
{
$template->assign('username_or_email', stripslashes($_POST['username_or_email']));
$template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email'])));
}
}