diff options
author | plegall <plg@piwigo.org> | 2010-04-29 10:44:30 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2010-04-29 10:44:30 +0000 |
commit | e7487082c32de87efd756bf05ae8539d38cda373 (patch) | |
tree | 1f3c53b9fbb15fc576755f9af428b3a33178cf76 /themes/default/template/identification.tpl | |
parent | ba70c8f5cbd1f22c912a9b44363c246b6eb84dd7 (diff) |
bug 1484: prevent XSS vulnerability, encode url.
improvement: no need to transmit the REQUEST_URI from PHP, Smarty already
knows it.
git-svn-id: http://piwigo.org/svn/trunk@5990 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'themes/default/template/identification.tpl')
-rw-r--r-- | themes/default/template/identification.tpl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/themes/default/template/identification.tpl b/themes/default/template/identification.tpl index 1541fd471..1a34744ac 100644 --- a/themes/default/template/identification.tpl +++ b/themes/default/template/identification.tpl @@ -21,7 +21,7 @@ <fieldset> <legend>{'Connection settings'|@translate}</legend> - <input type="hidden" name="redirect" value="{$U_REDIRECT}"> + <input type="hidden" name="redirect" value="{$U_REDIRECT|urlencode}"> <ul> <li> |