diff options
author | Michiel de Jong <michiel@unhosted.org> | 2012-05-18 18:00:17 +0400 |
---|---|---|
committer | Michiel de Jong <michiel@unhosted.org> | 2012-05-18 18:12:49 +0400 |
commit | fc536c349113694491a035fa400bd72e8fb99513 (patch) | |
tree | a29bc846d9cdcab20708241512ab2b2f32c24974 /core | |
parent | 9e735241689a9ba6a7810f4873fe2bba548e4cc3 (diff) |
add htmlentities() call into login form
Diffstat (limited to 'core')
-rw-r--r-- | core/templates/login.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/templates/login.php b/core/templates/login.php index a40bf5c330a..41d6ba41ef8 100644 --- a/core/templates/login.php +++ b/core/templates/login.php @@ -1,7 +1,7 @@ <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]--> <form action="index.php" method="post"> <fieldset> - <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?> + <?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.htmlentities($_['redirect']).'" />'; } ?> <?php if($_['error']): ?> <a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a> <?php endif; ?> |