From d1f1e42c2b180f34276d7ddd1a2bfeaf4e59ed05 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Wed, 11 Sep 2024 21:45:40 +0200
Subject: Fix unsafe login (#6797)
fix https://github.com/FreshRSS/FreshRSS/issues/6796
---
 app/Controllers/authController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'app')
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index b53747921..e97f09bc2 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -187,8 +187,8 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 Minz_Request::forward(['c' => 'auth', 'a' => 'login'], false);
 }
 } elseif (FreshRSS_Context::systemConf()->unsafe_autologin_enabled) {
- $username = Minz_Request::paramString('u');
- $password = Minz_Request::paramString('p');
+ $username = Minz_Request::paramString('u', specialchars: true);
+ $password = Minz_Request::paramString('p', specialchars: true);
 Minz_Request::_param('p');
 if ($username === '') {
-- 
cgit v1.2.3
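Review bot: The two new `paramString(..., specialchars: true)` calls in the `unsafe_autologin_enabled` branch have no comment explaining why the credentials must stay in their HTML-escaped form, so the flag looks like something a later cleanup could safely drop. Presumably the value has to be encoded the same way as in the other login path for the password check to match; if that is the reason, say so above the two lines, e.g. `// Keep the HTML-escaped form: must match the encoding used when the password is read elsewhere before verification`. A regression test that logs in through this branch with a password containing `&` or `<` would pin the behaviour. The method starts and ends outside the hunk, so whether `$username` is checked against the allowed username format before it is used cannot be confirmed from here.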