AC-4804: Security fixes for XSS, possible sql injection on multiple scripts within...
[acontent.git] / docs / themes / default / login.tmpl.php
index a17182d..9f369bd 100644 (file)
@@ -31,10 +31,10 @@ function encrypt_password() {
 \r
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="form">\r
 <?php if (isset($_REQUEST['oauth_token'])) {?>\r
-<input type="hidden" name="oauth_token" value="<?php echo $_REQUEST['oauth_token']; ?>" />\r
+<input type="hidden" name="oauth_token" value="<?php echo AT_print($_REQUEST['oauth_token'], 'input.hidden'); ?>" />\r
 <?php }?>\r
 <?php if (isset($_REQUEST['oauth_callback'])) {?>\r
-<input type="hidden" name="oauth_callback" value="<?php echo $_REQUEST['oauth_callback']; ?>" />\r
+<input type="hidden" name="oauth_callback" value="<?php echo AT_print($_REQUEST['oauth_callback'], 'input.hidden'); ?>" />\r
 <?php }?>\r
 <input type="hidden" name="form_password_hidden" value="" />\r
        <div class="input-form">\r
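Review bot: The form's `action` attribute, on the context line just above the patched inputs, still echoes `$_SERVER['PHP_SELF']` unescaped. That value includes request-controlled path info, so the reflected-XSS class this commit fixes for `oauth_token` and `oauth_callback` remains in the same form. Encode it for the attribute context, e.g. `<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post" name="form">`, or use a fixed script path instead. The fix also depends on `AT_print(..., 'input.hidden')` encoding quotes and angle brackets for an HTML attribute value; its definition is not in this hunk, so that is worth confirming. The template continues past the hunk, so other echoed request values there may need the same treatment.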