Commit 56070d6

author
bzapiec
committed
(see #14)
escape html entities for uid to avoid code execution
1 parent a389ec1 commit 56070d6

1 file changed

+1
-1
lines changed

Diff for: html/password.php

+1-1
@@ -305,7 +305,7 @@ function displayPWchanger()
305305

306306
/* Fill template with required values */
307307
$smarty->assign('date', gmdate("D, d M Y H:i:s"));
308-
$smarty->assign('uid', $uid);
308+
$smarty->assign('uid', set_post($uid));
309309
$smarty->assign('password_img', get_template_path('images/password.png'));
310310

311311
/* Displasy SSL mode warning? */
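Review bot: on the changed line 308, the name `set_post` does not say that it HTML-escapes, so the fix described in the commit message is not visible at the call site. Please either add a short comment there stating that the value is entity-encoded for output, or call the escaping function directly, e.g. `htmlspecialchars($uid, ENT_QUOTES, 'UTF-8')`. It is also worth confirming that `set_post` encodes both single and double quotes, since the hunk does not show whether the template places `uid` in element text or inside an attribute value. Finally, this escapes one variable at one `assign()`; if `$uid` or other request-derived values reach the template through other paths in `displayPWchanger()`, they need the same treatment, and escaping in the template itself would cover them in one place.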
