Dotclear


Timestamp:
02/08/12 20:53:04 (13 years ago)
Author:
Dsls <dsls@…>
Branch:
2.4
Message:

Advisory ID: HTB23074 - 1.1: Sanitize admin/auth.php login_data parameter

File:
1 edited

  • admin/auth.php

    r550 r794  
    3131 
    3232$change_pwd = $core->auth->allowPassChange() && isset($_POST['new_pwd']) && isset($_POST['new_pwd_c']) && isset($_POST['login_data']); 
    33 $login_data = !empty($_POST['login_data']) ? $_POST['login_data'] : null; 
     33$login_data = !empty($_POST['login_data']) ? html::escapeHTML($_POST['login_data']) : null; 
    3434$recover = $core->auth->allowPassChange() && !empty($_REQUEST['recover']); 
    3535$safe_mode = !empty($_REQUEST['safe_mode']); 
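
Review bot: On new line 33, html::escapeHTML() is applied at the moment $_POST['login_data'] is read, so from here on $login_data holds HTML-encoded text rather than the submitted value. That stops the parameter from being reflected into the page unescaped, but every later use of the variable now receives the encoded form, including any use that is not HTML output (decoding, comparison) and any form field that escapes again and would double-encode it. The uses of $login_data are outside this hunk, so please confirm each one expects encoded input. An alternative is to keep the raw value on this line and call html::escapeHTML($login_data) where it is written into the response. A short comment naming advisory HTB23074 next to the call would also record why the escape is there.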