Skip to content
Permalink
Browse files Browse the repository at this point in the history
(see #14)
escape html entities for uid to avoid code execution
  • Loading branch information
bzapiec committed Jun 4, 2018
1 parent a389ec1 commit 56070d6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion html/password.php
Expand Up @@ -305,7 +305,7 @@ function displayPWchanger()

/* Fill template with required values */
$smarty->assign('date', gmdate("D, d M Y H:i:s"));
$smarty->assign('uid', $uid);
$smarty->assign('uid', set_post($uid));
$smarty->assign('password_img', get_template_path('images/password.png'));

/* Displasy SSL mode warning? */
Expand Down

0 comments on commit 56070d6

Please sign in to comment.