From 5a137f9fe45366c4db0605700c2058f9b12b4cf0 Mon Sep 17 00:00:00 2001 From: plegall Date: Fri, 19 Oct 2012 20:15:37 +0000 Subject: bug 2774 fixed: better sanitize on username_or_email user input git-svn-id: http://piwigo.org/svn/branches/2.4@18699 68402e56-0260-453c-a942-63ccdbb3a9ee --- password.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/password.php b/password.php index 0c4ecd05e..888dfefa7 100644 --- a/password.php +++ b/password.php @@ -324,7 +324,7 @@ if ('lost' == $page['action']) if (isset($_POST['username_or_email'])) { - $template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email']))); + $template->assign('username_or_email', htmlspecialchars(stripslashes($_POST['username_or_email']))); } } -- cgit v1.2.3