Home Explore Help
Register Sign In
xoru
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Escape username and password during u2f login 

Untested partial fix for issue #36
ThisIs_MyName 7 years ago
parent
fbfb770390
commit
2a55b50b7d
1 changed files with 2 additions and 2 deletions
Unified View Show Diff Stats
  1. 2
    2
      sections/login/u2f.php

+ 2
- 2
sections/login/u2f.php View File

13 
 View::show_header('U2F Authentication'); ?>
 13 
 View::show_header('U2F Authentication'); ?>
14
14
15 
 <form id="u2f_sign_form" action="login.php" method="post">
 15 
 <form id="u2f_sign_form" action="login.php" method="post">
16 
-  <input type="hidden" name="username" value="<?=$_POST['username']?>">
17 
-  <input type="hidden" name="password" value="<?=$_POST['password']?>">
16 
+  <input type="hidden" name="username" value="<?=htmlspecialchars($_POST['username'])?>">
17 
+  <input type="hidden" name="password" value="<?=htmlspecialchars($_POST['password'])?>">
18 
   <input type="hidden" name="u2f-request" value='<?=$U2FReq?>'>
 18 
   <input type="hidden" name="u2f-request" value='<?=$U2FReq?>'>
19 
   <input type="hidden" name="u2f-response">
 19 
   <input type="hidden" name="u2f-response">
20 
 </form>
 20 
 </form>

Write Preview
Loading…
Cancel
Save