Properly escape passwords in the account edit form

Addresses FS#65639. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
author: Lukas Fleischer <lfleischer@archlinux.org> 2020-02-27 16:44:04 +0100
committer: Lukas Fleischer <lfleischer@archlinux.org> 2020-02-27 16:44:36 +0100
commit: 4b2102ceb26b77bc8ee3e9b9d8929a915f1e65a9 (patch)
tree: 72dbe334e262bac599e4b27dd1e7915e3eca2b6c /web
parent: cbab9870c1388f2d60a8d6cfbb936c384c1b58b6 (diff)
download: aur-4b2102ceb26b77bc8ee3e9b9d8929a915f1e65a9.tar.gz
aur-4b2102ceb26b77bc8ee3e9b9d8929a915f1e65a9.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index a4ea9949..4ce6b875 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -157,12 +157,12 @@
 		<legend><?= __("If you want to change the password, enter a new password and confirm the new password by entering it again.") ?></legend>
 		<p>
 			<label for="id_passwd1"><?= __("Password") ?>:</label>
-			<input type="password" size="30" name="P" id="id_passwd1" value="<?= $P ?>" />
+			<input type="password" size="30" name="P" id="id_passwd1" value="<?= htmlspecialchars($P, ENT_QUOTES) ?>" />
 		</p>
 
 		<p>
 			<label for="id_passwd2"><?= __("Re-type password") ?>:</label>
-			<input type="password" size="30" name="C" id="id_passwd2" value="<?= $C ?>" />
+			<input type="password" size="30" name="C" id="id_passwd2" value="<?= htmlspecialchars($C, ENT_QUOTES) ?>" />
 		</p>
 	</fieldset>
 	<?php endif; ?>
author	Lukas Fleischer <lfleischer@archlinux.org>	2020-02-27 16:44:04 +0100
committer	Lukas Fleischer <lfleischer@archlinux.org>	2020-02-27 16:44:36 +0100
commit	4b2102ceb26b77bc8ee3e9b9d8929a915f1e65a9 (patch)
tree	72dbe334e262bac599e4b27dd1e7915e3eca2b6c /web
parent	cbab9870c1388f2d60a8d6cfbb936c384c1b58b6 (diff)
download	aur-4b2102ceb26b77bc8ee3e9b9d8929a915f1e65a9.tar.gz aur-4b2102ceb26b77bc8ee3e9b9d8929a915f1e65a9.tar.xz