/trunk/wb/account/login.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 669

Added by thorn over 17 years ago

Fixed possible XSS in account/login.php and forgot-form.php

     require_once(WB_PATH.'/framework/class.login.php');
     // Create new login app
     $redirect = (isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : '';
     $redirect = strip_tags((isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : '');
     $thisApp = new Login(
     							array(
     									"MAX_ATTEMPS" => "3",

Also available in: Unified diff