Revision 669
Added by thorn about 17 years ago
login.php | ||
---|---|---|
53 | 53 |
require_once(WB_PATH.'/framework/class.login.php'); |
54 | 54 |
|
55 | 55 |
// Create new login app |
56 |
$redirect = (isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : '';
|
|
56 |
$redirect = strip_tags((isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : '');
|
|
57 | 57 |
$thisApp = new Login( |
58 | 58 |
array( |
59 | 59 |
"MAX_ATTEMPS" => "3", |
Also available in: Unified diff
Fixed possible XSS in account/login.php and forgot-form.php