Merge pull request lota#22 from c3retc3/patch-1

XSS fix (login_username)
sphakka · May 10, 2018 · 3677de8 · 3677de8
2 parents 2e9b356 + 0e84ccf
commit 3677de8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/views/helpers.php b/views/helpers.php
@@ -100,7 +100,7 @@ function page_exit()
 function login_form()
 {
     if (isset($_POST["login_username"]))
-        $login_username = $_POST["login_username"];
+        $login_username = htmlspecialchars($_POST["login_username"], ENT_QUOTES, "utf-8");
     else
         $login_username = null;