login.php: fix XSS hole as per bug 2905599

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@783 a1433add-5e2c-0410-b055-b7f2511e0802
15 years ago · 1f57b94d7e
parent f7be4a7494
commit 1f57b94d7e
1 changed files with 1 additions and 1 deletions
--- a/login.php
+++ b/login.php
@ -65,7 +65,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
        {
            $error = 1;
            $tMessage = '<span class="error_msg">' . $PALANG['pLogin_failed'] . '</span>';
-            $tUsername = $fUsername;
+            $tUsername = htmlentities($fUsername, ENT_QUOTES, 'UTF-8');
        }
    }
    else