Revision 669
Added by thorn almost 17 years ago
| trunk/CHANGELOG | ||
|---|---|---|
| 12 | 12 |
|
| 13 | 13 |
------------------------------------- 2.7.0 ------------------------------------- |
| 14 | 14 |
04-Feb-2008 Thomas Hornik |
| 15 |
! email-addresses are excluded from search-results page. |
|
| 15 |
! email-addresses are excluded from search-results page. |
|
| 16 |
# Fixed possible XSS in account/login.php and forgot-form.php |
|
| 16 | 17 |
04-Feb-2008 Christian Sommer |
| 17 | 18 |
# allowed usage of tags in settings fields: website_header, website_footer |
| 18 | 19 |
03-Feb-2008 Thomas Hornik |
| trunk/wb/account/forgot_form.php | ||
|---|---|---|
| 34 | 34 |
// Check if the user has already submitted the form, otherwise show it |
| 35 | 35 |
if(isset($_POST['email']) AND $_POST['email'] != "") {
|
| 36 | 36 |
|
| 37 |
$email = $_POST['email'];
|
|
| 37 |
$email = strip_tags($_POST['email']);
|
|
| 38 | 38 |
|
| 39 | 39 |
// Check if the email exists in the database |
| 40 | 40 |
$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($_POST['email'])."'"; |
| trunk/wb/account/login.php | ||
|---|---|---|
| 53 | 53 |
require_once(WB_PATH.'/framework/class.login.php'); |
| 54 | 54 |
|
| 55 | 55 |
// Create new login app |
| 56 |
$redirect = (isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : '';
|
|
| 56 |
$redirect = strip_tags((isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : '');
|
|
| 57 | 57 |
$thisApp = new Login( |
| 58 | 58 |
array( |
| 59 | 59 |
"MAX_ATTEMPS" => "3", |
Also available in: Unified diff
Fixed possible XSS in account/login.php and forgot-form.php