prevent an possible xss exploit

diff --git a/core/templates/login.php b/core/templates/login.php
index 82222c821296643ae2ca449ec1af865c99223b72..4ba92221a7d43a01a9fe48920d5aaa1a9b0e7189 100644 (file)
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -7,7 +7,7 @@
                <?php endif; ?>
                <p class="infield">
                        <label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label>
-                       <input type="text" name="user" id="user" value="<?php echo !empty($_POST['user'])?$_POST['user'].'"':'" autofocus'; ?> autocomplete="off" required />
+                       <input type="text" name="user" id="user" value="<?php echo !empty($_POST['user'])?htmlentities($_POST['user']).'"':'" autofocus'; ?> autocomplete="off" required />
                </p>
                <p class="infield">
                        <label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>