Revision 669

Added by thorn about 17 years ago

Fixed possible XSS in account/login.php and forgot-form.php

View differences:

login.php
53 53
require_once(WB_PATH.'/framework/class.login.php');
54 54

  
55 55
// Create new login app
56
$redirect = (isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : '';
56
$redirect = strip_tags((isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : '');
57 57
$thisApp = new Login(
58 58
							array(
59 59
									"MAX_ATTEMPS" => "3",
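
Review bot: On new line 56, strip_tags() is not enough to neutralise the `redirect` parameter. It removes tags but leaves single and double quotes untouched, and it does nothing to constrain the URL scheme or host. The place where $redirect is eventually output is not visible in this hunk, so the safer pattern is to keep the raw value here and escape at the point of output with htmlspecialchars($redirect, ENT_QUOTES), which also covers attribute contexts. Since the value is a redirect target, it should additionally be validated before being passed to Login, for example by accepting only URLs that begin with the site's own base URL and falling back to an empty string otherwise. The commit message also names forgot-form.php, which does not appear in this view; the same points would apply to any request value handled the same way there.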
