From e7487082c32de87efd756bf05ae8539d38cda373 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 29 Apr 2010 10:44:30 +0000
Subject: bug 1484: prevent XSS vulnerability, encode url.

improvement: no need to transmit the REQUEST_URI from PHP, Smarty already
knows it.

git-svn-id: http://piwigo.org/svn/trunk@5990 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 themes/default/template/identification.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'themes/default/template/identification.tpl')

diff --git a/themes/default/template/identification.tpl b/themes/default/template/identification.tpl
index 1541fd471..1a34744ac 100644
--- a/themes/default/template/identification.tpl
+++ b/themes/default/template/identification.tpl
@@ -21,7 +21,7 @@
   <fieldset>
     <legend>{'Connection settings'|@translate}</legend>
 
-    <input type="hidden" name="redirect" value="{$U_REDIRECT}">
+    <input type="hidden" name="redirect" value="{$U_REDIRECT|urlencode}">
 
     <ul>
       <li>
-- 
cgit v1.2.3