iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

merge r17983 from branch 2.4 to trunk

Browse Source 
bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP



git-svn-id: http://piwigo.org/svn/trunk@17984 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall
2012-09-18 12:09:45 +00:00
parent a1002f61fd
commit a8fdff631d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
password.php
View File

@@ -324,7 +324,7 @@ if ('lost' == $page['action'])
if (isset($_POST['username_or_email']))
{
$template->assign('username_or_email', stripslashes($_POST['username_or_email']));
$template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email'])));
}
}