From 1f57b94d7e756733ad3b49ceae6b3e17e9429266 Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Wed, 2 Dec 2009 13:24:45 +0000
Subject: [PATCH] login.php: fix XSS hole as per bug 2905599
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@783 a1433add-5e2c-0410-b055-b7f2511e0802
---
 login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/login.php b/login.php
index 925ba664..bcc238e4 100644
--- a/login.php
+++ b/login.php
@@ -65,7 +65,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
 {
 $error = 1;
 $tMessage = '' . $PALANG['pLogin_failed'] . '';
- $tUsername = $fUsername;
+ $tUsername = htmlentities($fUsername, ENT_QUOTES, 'UTF-8');
 }
 }
 else
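Review bot: The added `$tUsername = htmlentities($fUsername, ENT_QUOTES, 'UTF-8');` encodes at assignment, and only in this failed-login branch. The fix therefore holds only if every other path that fills `$tUsername` (none are visible in this hunk) encodes it too, and if the template never encodes it a second time. Encoding where the value is printed is easier to audit: the template would emit `htmlspecialchars($tUsername, ENT_QUOTES, 'UTF-8')`, which covers element and quoted-attribute contexts, while the variable keeps the raw value. If the assignment-time form stays, a comment such as `// HTML-encoded here; the template must print $tUsername as-is` would record that contract. The enclosing `if ($_SERVER['REQUEST_METHOD'] == "POST")` block starts and ends outside the hunk.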