From 3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 20 Apr 2014 18:55:24 +0200
Subject: Fixed XSS vulnerability.
---
 www/functions/func_login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'www/functions/func_login.php')
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index d909180..7944c3e 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -4,7 +4,7 @@ function login($db){
 /*___Database Query: Login___*/
 $username = $_POST["username"];
 $password = $_POST["password"];
- $safe_username = SQLite3::escapeString("$username");
+ $safe_username = SQLite3::escapeString(htmlentities($username));
 $log_in = false;
 $real_password = "";
--
cgit v1.2.3
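Review bot: The added `htmlentities($username)` on the `$safe_username` line HTML-encodes the value at the point where it is prepared for the database rather than where it is written into a page, so the lookup now runs on the encoded form and a username containing `&`, `<`, `"` or non-ASCII letters will presumably stop matching its stored row unless registration encodes it the same way (not visible here). Called without flags, `htmlentities()` before PHP 8.1 also leaves single quotes unencoded, so a value reflected into a single-quoted attribute would still not be covered. I would keep the query value as `$safe_username = SQLite3::escapeString($username);` (or, better, pass it through a prepared statement with `bindValue()`), and encode at the output site with `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`. The place where the name is echoed and the rest of login() lie outside this hunk, so the exact location for that call needs to be confirmed there.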