fix potential stored XSS in LoginXhr::joinValidate()

3efee179 · chandi · Matthias Larisch · bedf5246 · 3efee179
Commit 3efee179 authored Feb 19, 2019 by chandi Committed by Matthias Larisch Feb 20, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

src/Modules/Login/LoginXhr.php src/Modules/Login/LoginXhr.php +1 -1

No files found.
--- a/src/Modules/Login/LoginXhr.php
+++ b/src/Modules/Login/LoginXhr.php
@@ -206,7 +206,7 @@ class LoginXhr extends Control
 		$data['country'] = strip_tags($data['country'] ?? null);
 		$data['country'] = strtolower($data['country']);
 		$data['country'] = trim($data['country']);
-		$data['nr'] = $data['nr'] ?? null;
+		$data['nr'] = htmlspecialchars($data['nr']) ?? null;

 		$data['newsletter'] = (int)$data['newsletter'];
 		if (!in_array($data['newsletter'], array(0, 1), true)) {