composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-22 01:58:47 +02:00
Code Issues Packages Projects Releases Wiki Activity

#923: prevent XSS injection in forgot password page.

Browse Source 
SVN:2.0.2[3140]
This commit is contained in:
Denis Flaven
2014-05-06 09:53:37 +00:00
parent 658664a2b2
commit ef7d9659fa
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
application/loginwebpage.class.inc.php
View File

@@ -191,7 +191,7 @@ class LoginWebPage extends NiceWebPage
$this->add("<p>".Dict::S('UI:Login:ForgotPwdForm+')."</p>\n");
if ($bFailedToReset)
{
$this->add("<p class=\"hilite\">".Dict::Format('UI:Login:ResetPwdFailed', $sFailureReason)."</p>\n");
$this->add("<p class=\"hilite\">".Dict::Format('UI:Login:ResetPwdFailed', htmlentities($sFailureReason, ENT_QUOTES, 'UTF-8'))."</p>\n");
}
$sAuthUser = utils::ReadParam('auth_user', '', true, 'raw_data');
$this->add("<form method=\"post\">\n");