Revision 1405
Added by FrankH almost 14 years ago
- Security fix (XSS) in form module, thanks to Michael Schwarz
save.php | ||
---|---|---|
30 | 30 |
$err_msg = array(); |
31 | 31 |
$min_pass_length = 6; |
32 | 32 |
// first check form-tan |
33 |
if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['PAGES']['NOT_SAVED']; }
|
|
33 |
if(!$admin->checkFTAN()){ $err_msg[] = $MESSAGE['GENERIC_SECURITY_ACCESS']; }
|
|
34 | 34 |
// Get entered values and validate all |
35 | 35 |
// remove any dangerouse chars from display_name |
36 | 36 |
$display_name = $admin->add_slashes(strip_tags(trim($admin->get_post('display_name')))); |
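Review bot: A failed `checkFTAN()` on line 33 only appends a message to `$err_msg`, and execution carries on into reading and normalising the POST fields on lines 34–36, so the token check is only as strong as a later `$err_msg` test that is outside this view. If that test is missing on any write path, a request with a bad or absent token would still be processed; I would make the rejection explicit at this point and add a comment such as `// FTAN mismatch: reject the request, nothing below may be stored`. The commit message calls this an XSS fix, yet the only visible change is the message recorded for a failed token. The `strip_tags()` plus `add_slashes()` chain on `display_name` (context line 36) is input filtering rather than HTML output encoding, so the value should still go through `htmlspecialchars($display_name, ENT_QUOTES)` wherever it is echoed. The surrounding script starts and ends outside this section.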