aboutsummaryrefslogtreecommitdiffstats
path: root/themes/default/template/menubar_identification.tpl
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2010-04-29 10:44:30 +0000
committerplegall <plg@piwigo.org>2010-04-29 10:44:30 +0000
commite7487082c32de87efd756bf05ae8539d38cda373 (patch)
tree1f3c53b9fbb15fc576755f9af428b3a33178cf76 /themes/default/template/menubar_identification.tpl
parentba70c8f5cbd1f22c912a9b44363c246b6eb84dd7 (diff)
bug 1484: prevent XSS vulnerability, encode url.
improvement: no need to transmit the REQUEST_URI from PHP, Smarty already knows it. git-svn-id: http://piwigo.org/svn/trunk@5990 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--themes/default/template/menubar_identification.tpl2
1 files changed, 1 insertions, 1 deletions
diff --git a/themes/default/template/menubar_identification.tpl b/themes/default/template/menubar_identification.tpl
index c0af6047d..b686b9601 100644
--- a/themes/default/template/menubar_identification.tpl
+++ b/themes/default/template/menubar_identification.tpl
@@ -28,7 +28,7 @@
{if isset($U_LOGIN)}
<form method="post" action="{$U_LOGIN}" id="quickconnect">
- <input type="hidden" name="redirect" value="{$U_REDIRECT}">
+ <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|urlencode}">
<fieldset>
<legend>{'Quick connect'|@translate}</legend>
<div>