merge r17983 from branch 2.4 to trunk

bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP



git-svn-id: http://piwigo.org/svn/trunk@17984 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall committed Sep 18, 2012
1 parent a1002f6 commit a8fdff631d594d40f026899965a8f1bc12d718ca
Showing with 1 addition and 1 deletion.
  1. +1 −1 password.php
@@ -324,7 +324,7 @@ function reset_password()
if (isset($_POST['username_or_email']))
{
$template->assign('username_or_email', stripslashes($_POST['username_or_email']));
$template->assign('username_or_email', stripslashes(strip_tags($_POST['username_or_email'])));
}
}
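Review bot: on the added line in reset_password(), strip_tags() removes tags but leaves quotes and ampersands unencoded, so the value is only safe where the template renders it as HTML text. This is a redisplayed form field, and the template is not visible in this diff; if it places username_or_email inside an attribute such as an input's value, the value still needs context-appropriate encoding. Suggest escaping for output at the point of assignment, for example htmlspecialchars(stripslashes($_POST['username_or_email']), ENT_QUOTES, 'UTF-8'), or confirming that the template applies an escape modifier to this variable. Escaping also preserves what the user typed, whereas strip_tags() silently drops anything after a stray "<".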
