Fix XSS

author: Erik Dubbelboer <erik@dubbelboer.com> 2020-10-14 19:03:41 +0300
committer: Erik Dubbelboer <erik@dubbelboer.com> 2020-10-14 19:03:41 +0300
commit: eddaa674536d2e76e6d0b4efeb00604e992eab8f (patch)
tree: 7b4e4d7d6bbe3ee129f3d9b099997e16a4b4aa27
parent: 1ee43ae7c2ad415cc99086575d66dfd9df6831fb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/login.php b/login.php
index dc0a887..82c5514 100644
--- a/login.php
+++ b/login.php
@@ -25,7 +25,7 @@ require 'includes/header.inc.php';
     <label for="inputUser" class="sr-only">Username</label>
     <input type="text" name="username" id="inputUser" class="form-control"
            placeholder="Username"
-           value="<?= isset($_POST['username']) ? $_POST['username'] : '' ?>"
+           value="<?= isset($_POST['username']) ? htmlentities($_POST['username'], defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES, 'utf-8') : '' ?>"
            required <?= isset($_POST['username']) ? '' : 'autofocus' ?>>
 
     <label for="inputPassword" class="sr-only">Password</label>
author	Erik Dubbelboer <erik@dubbelboer.com>	2020-10-14 19:03:41 +0300
committer	Erik Dubbelboer <erik@dubbelboer.com>	2020-10-14 19:03:41 +0300
commit	eddaa674536d2e76e6d0b4efeb00604e992eab8f (patch)
tree	7b4e4d7d6bbe3ee129f3d9b099997e16a4b4aa27
parent	1ee43ae7c2ad415cc99086575d66dfd9df6831fb (diff)