diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2024-09-11 21:45:40 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2024-09-11 21:45:40 +0200 |
| commit | d1f1e42c2b180f34276d7ddd1a2bfeaf4e59ed05 (patch) | |
| tree | 5f72ed3b6e2f03162696e6484ed311a4837b8cb7 /app | |
| parent | e5320759ebe5bd820e2f815265ecd289f899842f (diff) | |
Fix unsafe login (#6797)
fix https://github.com/FreshRSS/FreshRSS/issues/6796
Diffstat (limited to 'app')
| -rw-r--r-- | app/Controllers/authController.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index b53747921..e97f09bc2 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -187,8 +187,8 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController { Minz_Request::forward(['c' => 'auth', 'a' => 'login'], false); } } elseif (FreshRSS_Context::systemConf()->unsafe_autologin_enabled) { - $username = Minz_Request::paramString('u'); - $password = Minz_Request::paramString('p'); + $username = Minz_Request::paramString('u', specialchars: true); + $password = Minz_Request::paramString('p', specialchars: true); Minz_Request::_param('p'); if ($username === '') { |