avoid possible html injection via forgot-password-error-message

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Michael Kaufmann
2022-11-05 12:51:23 +01:00
parent 4a4188a96b
commit 4fc50fba1f
3 changed files with 3 additions and 6 deletions


@@ -356,12 +356,7 @@ if ($action == '2fa_entercode') {
$message = lng('error.login_blocked', [Settings::Get('login.deactivatetime')]);
break;
case 4:
$cmail = isset($_GET['customermail']) ? $_GET['customermail'] : 'unknown';
if (!Validate::validateEmail($cmail)) {
$message = lng('error.errorsendingmail', ['invalid.address']);
} else {
$message = lng('error.errorsendingmail', [$cmail]);
}
$message = lng('error.errorsendingmailpub');
break;
case 5:
$message = lng('error.user_banned');
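Review bot: Case 4 no longer reads `$_GET['customermail']`, but all 6 deletions in the diffstat are in this hunk, so the code that redirects to this case was not touched and presumably still appends the address to the URL. There it would land in access logs and browser history without being used, so it is worth dropping at the redirect as well. I would also add a one-line comment above the new assignment so the reflected value is not reintroduced later, e.g. `// generic text on purpose: never put request-supplied values into this message`. Whether `$message` is escaped when rendered is not visible here, since the switch starts and ends outside the hunk; if the template prints it raw, the remaining cases rely on every `lng()` argument being trusted.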