add htmlentities() call into login form

author Michiel de Jong <michiel@unhosted.org>

Fri, 18 May 2012 14:00:17 +0000 (16:00 +0200)

committer Michiel de Jong <michiel@unhosted.org>

Fri, 18 May 2012 14:12:49 +0000 (16:12 +0200)
author Michiel de Jong <michiel@unhosted.org>
Fri, 18 May 2012 14:00:17 +0000 (16:00 +0200)
committer Michiel de Jong <michiel@unhosted.org>
Fri, 18 May 2012 14:12:49 +0000 (16:12 +0200)
diff --git a/core/templates/login.php b/core/templates/login.php

index a40bf5c330a8da2a3cc0655b87f29c21f74b5b03..41d6ba41ef8e0df52d9d04e7f67ca3e557664a98 100644 (file)
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -1,7 +1,7 @@
  <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
  <form action="index.php" method="post">
         <fieldset>
-               <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?>
+               <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.htmlentities($_['redirect']).'" />'; } ?>
                 <?php if($_['error']): ?>
                         <a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a>
                 <?php endif; ?>
author	Michiel de Jong <michiel@unhosted.org>
	Fri, 18 May 2012 14:00:17 +0000 (16:00 +0200)
committer	Michiel de Jong <michiel@unhosted.org>
	Fri, 18 May 2012 14:12:49 +0000 (16:12 +0200)