Browse Source

Escape username and password during u2f login

Untested partial fix for issue #36
ThisIs_MyName 1 year ago
parent
commit
2a55b50b7d
1 changed files with 2 additions and 2 deletions
  1. 2
    2
      sections/login/u2f.php

+ 2
- 2
sections/login/u2f.php View File

@@ -13,8 +13,8 @@ $U2FReq = json_encode($U2F->getAuthenticateData($U2FRegs));
13 13
 View::show_header('U2F Authentication'); ?>
14 14
 
15 15
 <form id="u2f_sign_form" action="login.php" method="post">
16
-  <input type="hidden" name="username" value="<?=$_POST['username']?>">
17
-  <input type="hidden" name="password" value="<?=$_POST['password']?>">
16
+  <input type="hidden" name="username" value="<?=htmlspecialchars($_POST['username'])?>">
17
+  <input type="hidden" name="password" value="<?=htmlspecialchars($_POST['password'])?>">
18 18
   <input type="hidden" name="u2f-request" value='<?=$U2FReq?>'>
19 19
   <input type="hidden" name="u2f-response">
20 20
 </form>

Loading…
Cancel
Save