SECURITY: Fixed XSS in post-login page redirection. Reported by Secunia.
authorDan Fuhry <dan@enanocms.org>
Tue, 12 Jul 2011 22:15:18 -0400
changeset 1347 d8983d3a8468
parent 1346 b79029a49d28
child 1348 2e635e51deb0
SECURITY: Fixed XSS in post-login page redirection. Reported by Secunia.
plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php	Fri Jun 03 10:45:21 2011 -0400
+++ b/plugins/SpecialUserFuncs.php	Tue Jul 12 22:15:18 2011 -0400
@@ -408,7 +408,7 @@
 				$name = get_page_title($_POST['return_to']);
 				$subst = array(
 						'username' => $session->username,
-						'redir_target' => $name
+						'redir_target' => htmlspecialchars($name)
 					);
 				redirect( makeUrl($_POST['return_to'], $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
 			}
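Review bot: The added `htmlspecialchars($name)` call relies on the default flags and charset, which on PHP versions of this era leave single quotes unescaped and assume ISO-8859-1, so a title placed inside a single-quoted attribute by the `user_login_success_body` string could still break out. Consider `'redir_target' => htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`, assuming pages are served as UTF-8. The same `$_POST['return_to']` is also passed to `makeUrl()` and `redirect()` on the following line, and nothing in the hunk shows it being validated as an on-site page, so it is worth confirming that those helpers escape and constrain it. `'username' => $session->username` enters the same substitution array unescaped; presumably usernames are restricted at registration, but that is not visible here. The enclosing block starts and ends outside the hunk.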