summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--web/template/login_form.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/template/login_form.php b/web/template/login_form.php
index 969a371..c27e9ba 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@@ -11,7 +11,7 @@ elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']))
print "<span class='error'>" . $login_error . "</span><br />\n";
}
?>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>">
+<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>">
<div>
<label for="user"><?php print __('Username') . ':'; ?></label>
<input type="text" name="user" id="user" size="30" maxlength="<?php print USERNAME_MAX_LEN; ?>" value="<?php