author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-09-05 16:56:09 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-09-05 16:56:09 +0200 |
commit | 20b20c20f2d40ad2bc1cc2e164f0b6d3c92321dd (patch) | |
tree | 96cdabf71a011f4ba812216f84c632bd121d144e /web/template | |
parent | 1b63994b8d1ccd4d8cb4b065fde8c8b798d7781d (diff) | |
download | aurweb-20b20c20f2d40ad2bc1cc2e164f0b6d3c92321dd.tar.xz |
web/template/login_form.php: Escape the request URI
Reported-by: Thomas Bächler <thomas@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/template')
-rw-r--r-- | web/template/login_form.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/web/template/login_form.php b/web/template/login_form.php
index 969a371..c27e9ba 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@@ -11,7 +11,7 @@ elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']))
 print "<span class='error'>" . $login_error . "</span><br />\n";
 }
 ?>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>">
+<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>">
 <div>
 <label for="user"><?php print __('Username') . ':'; ?></label>
 <input type="text" name="user" id="user" size="30" maxlength="<?php print USERNAME_MAX_LEN; ?>" value="<?php |
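Review bot: The new `htmlspecialchars()` call on the `<form>` line passes `ENT_QUOTES` but no encoding, so the conversion uses PHP's default charset, which depends on the PHP version and configuration rather than on what the page declares. Naming the encoding keeps the escaping tied to the page, e.g. `htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8')`, assuming the site serves UTF-8 (not visible here). The context line above still prints `$login_error` without escaping; whether that is safe depends on where it is set, which is outside this hunk, as is the rest of the `value="<?php` attribute that continues past the last line.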