fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add validation to avoid XSS in the login page

Browse Source
This commit is contained in:
Julio Cesar Laura
2013-01-03 09:25:44 -04:00
parent e63be38c87
commit 1f80c0f164
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
workflow/engine/methods/login/login.php
View File

@@ -28,7 +28,7 @@ $aFields = array();
if (!isset($_GET['u'])) { if (!isset($_GET['u'])) {
$aFields['URL'] = ''; $aFields['URL'] = '';
} else { } else {
$aFields['URL'] = urldecode($_GET['u']); $aFields['URL'] = urldecode(htmlentities($_GET['u']));
} }
if (!isset($_SESSION['G_MESSAGE'])) { if (!isset($_SESSION['G_MESSAGE'])) {