From 6e91ec554c4db7087b5ed91d6a44a8bbe336411b Mon Sep 17 00:00:00 2001 From: mistic100 Date: Wed, 18 Dec 2013 19:59:30 +0000 Subject: feature 1668: escape login and password in registration email git-svn-id: http://piwigo.org/svn/trunk@26028 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/functions_user.inc.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include/functions_user.inc.php') diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 0500f772f..945a5eaa4 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -252,12 +252,12 @@ SELECT id include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); $keyargs_content = array( - get_l10n_args('Hello %s,', $login), + get_l10n_args('Hello %s,', stripslashes($login)), get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), - get_l10n_args('Username: %s', $login), - get_l10n_args('Password: %s', $password), + get_l10n_args('Username: %s', stripslashes($login)), + get_l10n_args('Password: %s', stripslashes($password)), get_l10n_args('Email: %s', $mail_address), get_l10n_args('', ''), get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()), -- cgit v1.2.3