prevent an possible xss exploit

author: Robin Appelman <icewind@owncloud.com> 2012-04-01 00:55:12 +0200
committer: Robin Appelman <icewind@owncloud.com> 2012-04-01 00:55:49 +0200
commit: d01b78a4b486860ab7110677e9969a37ee2a832f (patch)
tree: 7dc5621e0eb41b23e378685611305103039b5eee /core
parent: 4e327295c65b25fc5d6ceec5a8242eecf57b94e2 (diff)
download: nextcloud-server-d01b78a4b486860ab7110677e9969a37ee2a832f.tar.gz
nextcloud-server-d01b78a4b486860ab7110677e9969a37ee2a832f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/core/templates/login.php b/core/templates/login.php
index 82222c82129..4ba92221a7d 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -7,7 +7,7 @@
 		<?php endif; ?>
 		<p class="infield">
 			<label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label>
-			<input type="text" name="user" id="user" value="<?php echo !empty($_POST['user'])?$_POST['user'].'"':'" autofocus'; ?> autocomplete="off" required />
+			<input type="text" name="user" id="user" value="<?php echo !empty($_POST['user'])?htmlentities($_POST['user']).'"':'" autofocus'; ?> autocomplete="off" required />
 		</p>
 		<p class="infield">
 			<label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
author	Robin Appelman <icewind@owncloud.com>	2012-04-01 00:55:12 +0200
committer	Robin Appelman <icewind@owncloud.com>	2012-04-01 00:55:49 +0200
commit	d01b78a4b486860ab7110677e9969a37ee2a832f (patch)
tree	7dc5621e0eb41b23e378685611305103039b5eee /core
parent	4e327295c65b25fc5d6ceec5a8242eecf57b94e2 (diff)
download	nextcloud-server-d01b78a4b486860ab7110677e9969a37ee2a832f.tar.gz nextcloud-server-d01b78a4b486860ab7110677e9969a37ee2a832f.zip