Update SpotPage_login.php

For for issue: spotweb#718

lib/page/SpotPage_login.php

@@ -37,7 +37,12 @@ public function render()
 
         // bring the form action into the local scope
         $formAction = $this->_loginForm['action'];
-
+
+        // Check redirect for chevrons, deny if found.
+        if (preg_match('/[<>]/i', $this->_params['data']['performredirect'])) {			
+		$result->addError(_('Script is not allowed'));
+		}
+
         // Are we already submitting the form login?
         if (!empty($formAction)) {
             // make sure we can simply assume all fields are there