diff options
| author | Philip Häusler <msquare@notrademark.de> | 2013-12-28 02:14:49 +0100 |
|---|---|---|
| committer | Philip Häusler <msquare@notrademark.de> | 2013-12-28 02:14:49 +0100 |
| commit | 8ce67793df5ea77494f6587f297fb96271d03290 (patch) | |
| tree | 1bb72bb7a32b4a65dbfcfce93c19cd6788cc80c7 /includes | |
| parent | c623a110ad9b3863b87c2ceb9adc9d689eed009b (diff) | |
form text fields now make htmlspecialchars
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/pages/guest_login.php | 2 | ||||
| -rw-r--r-- | includes/sys_template.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 1a8465dc..b9aca87d 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -48,7 +48,7 @@ function guest_register() { } } else { $ok = false; - $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), strip_request_item('nick')), true); + $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true); } if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { diff --git a/includes/sys_template.php b/includes/sys_template.php index 569783a7..78519143 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php @@ -113,7 +113,7 @@ function form_submit($name, $label) { */ function form_text($name, $label, $value, $disabled = false) { $disabled = $disabled ? ' disabled="disabled"' : ''; - return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . $value . '" ' . $disabled . '/>', 'form_' . $name); + return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . htmlspecialchars($value) . '" ' . $disabled . '/>', 'form_' . $name); } /** |