Hello,
your code is prone to reflected XSS attacks, since some user input is not escaped. For example:
subfolio/config/themes/default/pages/login.php, line 13 in fcd7e59:

```php
<input type="text" value="<?php if(isset($_POST['username'])) { echo $_POST['username']; } ?>" id="username" name="username" class="field" tabindex="1" placeholder="<?php echo SubfolioLanguage::get_text('username');?>" data-behavior="search_field" />
```

You can escape user input before reflecting it on your website.
For example, please consider using htmlentities($_POST['username']).
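A hardened version of the login field, added here as an example and not taken from the project: the reflected value is passed through a small escaping helper before it is echoed into the double-quoted `value` attribute. The helper name `e()` and the explicit flag choice are assumptions; `SubfolioLanguage::get_text` is the project's own call as it appears in the report.

```php
<?php
// Added example: escaping helper for values reflected into HTML attributes.
// ENT_QUOTES escapes both " and ' so the value cannot terminate a quoted
// attribute regardless of which quote style the template uses.
// ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of making
// htmlentities() return an empty string, which would silently drop the value.
// Passing 'UTF-8' explicitly avoids depending on default_charset.
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read the submitted value once, escape it, and only then reflect it.
$username = isset($_POST['username']) ? e((string) $_POST['username']) : '';
?>
<input type="text" value="<?php echo $username; ?>" id="username" name="username"
       class="field" tabindex="1"
       placeholder="<?php echo e(SubfolioLanguage::get_text('username')); ?>"
       data-behavior="search_field" />
```

The `(string)` cast guards against `$_POST['username']` arriving as an array (e.g. `username[]=...`), which would otherwise raise a type error in the helper.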