summaryrefslogtreecommitdiffstats
path: root/web/template/login_form.php
diff options
context:
space:
mode:
Diffstat (limited to 'web/template/login_form.php')
-rw-r--r--web/template/login_form.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/web/template/login_form.php b/web/template/login_form.php
index b351a27..c27e9ba 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@@ -11,7 +11,7 @@ elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']))
print "<span class='error'>" . $login_error . "</span><br />\n";
}
?>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>">
+<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>">
<div>
<label for="user"><?php print __('Username') . ':'; ?></label>
<input type="text" name="user" id="user" size="30" maxlength="<?php print USERNAME_MAX_LEN; ?>" value="<?php
@@ -31,8 +31,8 @@ elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']))
else {
?>
<span class='error'>
- <?php echo __("HTTP login is disabled. Please switch to HTTPs if you want to login: "); ?>
- <a href="https://aur.archlinux.org/">https://aur.archlinux.org/</a>
+ <?php printf(__("HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."),
+ '<a href="https://aur.archlinux.org' . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) . '">', '</a>'); ?>
</span>
<?php } ?>
</div>