"Login failure" when password contains HTML special characters
The XSS protection introduced in a3acb770 prevents users to login through the web interface if their password contains HTML special characters.
Adding "password"
to to the list of POST parameters, on which htmlspecialchars()
is not called, fixes the problem.