author | Lukas Fleischer <lfleischer@archlinux.org> | 2020-02-27 16:44:04 +0100 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2020-02-27 16:44:36 +0100 |
commit | 4b2102ceb26b77bc8ee3e9b9d8929a915f1e65a9 (patch) | |
tree | 72dbe334e262bac599e4b27dd1e7915e3eca2b6c /web | |
parent | cbab9870c1388f2d60a8d6cfbb936c384c1b58b6 (diff) | |
Properly escape passwords in the account edit form
Addresses FS#65639.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web')
-rw-r--r-- | web/template/account_edit_form.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index a4ea9949..4ce6b875 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -157,12 +157,12 @@
 <legend><?= __("If you want to change the password, enter a new password and confirm the new password by entering it again.") ?></legend>
 <p>
 <label for="id_passwd1"><?= __("Password") ?>:</label>
- <input type="password" size="30" name="P" id="id_passwd1" value="<?= $P ?>" />
+ <input type="password" size="30" name="P" id="id_passwd1" value="<?= htmlspecialchars($P, ENT_QUOTES) ?>" />
 </p>
 <p>
 <label for="id_passwd2"><?= __("Re-type password") ?>:</label>
- <input type="password" size="30" name="C" id="id_passwd2" value="<?= $C ?>" />
+ <input type="password" size="30" name="C" id="id_passwd2" value="<?= htmlspecialchars($C, ENT_QUOTES) ?>" />
 </p>
 </fieldset>
 <?php endif; ?> |
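Review bot: The two password inputs (`id_passwd1`, `id_passwd2`) still write the submitted value back into the `value` attribute, so even with escaping the plaintext password ends up in the response body, where browser caches, intermediaries or page-source views can retain it. Assuming `$P` and `$C` carry the posted password and its confirmation, which the field names suggest but the hunk does not show, I would render both fields empty on redisplay with `value=""` and have the user re-enter them. If repopulating them is intended, passing the charset explicitly, `htmlspecialchars($P, ENT_QUOTES, 'UTF-8')`, keeps the escaping independent of the `default_charset` ini setting. The conditional block closed by `<?php endif; ?>` opens outside the hunk, so the conditions under which these fields are rendered are not visible here.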