Commit 4b2102ce authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Properly escape passwords in the account edit form



Addresses FS#65639.
Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
parent cbab9870
...@@ -157,12 +157,12 @@ ...@@ -157,12 +157,12 @@
<legend><?= __("If you want to change the password, enter a new password and confirm the new password by entering it again.") ?></legend> <legend><?= __("If you want to change the password, enter a new password and confirm the new password by entering it again.") ?></legend>
<p> <p>
<label for="id_passwd1"><?= __("Password") ?>:</label> <label for="id_passwd1"><?= __("Password") ?>:</label>
<input type="password" size="30" name="P" id="id_passwd1" value="<?= $P ?>" /> <input type="password" size="30" name="P" id="id_passwd1" value="<?= htmlspecialchars($P, ENT_QUOTES) ?>" />
</p> </p>
<p> <p>
<label for="id_passwd2"><?= __("Re-type password") ?>:</label> <label for="id_passwd2"><?= __("Re-type password") ?>:</label>
<input type="password" size="30" name="C" id="id_passwd2" value="<?= $C ?>" /> <input type="password" size="30" name="C" id="id_passwd2" value="<?= htmlspecialchars($C, ENT_QUOTES) ?>" />
</p> </p>
</fieldset> </fieldset>
<?php endif; ?> <?php endif; ?>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment