Skip to content

Commit

Permalink
SECURITY: Fix javascript injection vulnerability in mobile login page.
Browse files Browse the repository at this point in the history
  • Loading branch information
@mrubinsk
mrubinsk committed Jun 14, 2020
1 parent f1aacc7 commit e554dad
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions login.php
View file
Expand Up @@ -347,6 +347,8 @@ function _addAnchor($url, $type, $vars, $url_anchor = null)
if ($browser->isMobile() &&
(!isset($conf['user']['force_view']) ||
!in_array($conf['user']['force_view'], array('basic', 'dynamic')))) {

$loginparams['horde_user']['value'] = htmlspecialchars($loginparams['horde_user']['value']);
$view = new Horde_View(array(
'templatePath' => HORDE_TEMPLATES . '/login'
));
Expand Down

0 comments on commit e554dad

Please sign in to comment.