nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-02-19 04:23:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Don't escape HTML characters in the password.

Browse Source 
We allow them when users set their passwords, and no doubt allowed
from LDAP and other external sources. We should allow them to be
entered. Closes #229.
This commit is contained in:
Andrew Ruthven 2021-08-11 21:40:03 +12:00
parent 9da21ad116
commit 23831686bb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/always.php
View File

@ -10,7 +10,7 @@ if ( preg_match('{/always.php$}', $_SERVER['SCRIPT_NAME'] ) ) header('Location:
// XSS Protection
function filter_post(&$val, $index) {
if(in_array($index, ["newpass1", "newpass2"])) return;
if(in_array($index, ["newpass1", "newpass2", "password"])) return;
switch (gettype($val)) {
case "string":