mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #1 from silverstripe-security/fixes/ss-2015-016
[ss-2015-016]: Fix XSS in install.php
This commit is contained in:
commit
4c73721bab
@ -202,14 +202,14 @@
|
|||||||
<div class="field">
|
<div class="field">
|
||||||
<label for="admin_username">Email:</label>
|
<label for="admin_username">Email:</label>
|
||||||
<span class="middleColumn">
|
<span class="middleColumn">
|
||||||
<input type="text" class="text configured-by-env" name="admin[username]" id="admin_username" value="<?php echo $adminConfig['username']; ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_USERNAME')) echo 'disabled="disabled"' ?>>
|
<input type="text" class="text configured-by-env" name="admin[username]" id="admin_username" value="<?php echo htmlspecialchars($adminConfig['username'], ENT_QUOTES, 'UTF-8'); ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_USERNAME')) echo 'disabled="disabled"' ?>>
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<label for="admin_password">Password:</label>
|
<label for="admin_password">Password:</label>
|
||||||
<span class="middleColumn">
|
<span class="middleColumn">
|
||||||
<input type="password" class="text configured-by-env" name="admin[password]" id="admin_password" value="<?php echo $adminConfig['password']; ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_PASSWORD')) echo 'disabled="disabled"' ?>>
|
<input type="password" class="text configured-by-env" name="admin[password]" id="admin_password" value="<?php echo htmlspecialchars($adminConfig['password'], ENT_QUOTES, 'UTF-8'); ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_PASSWORD')) echo 'disabled="disabled"' ?>>
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
Loading…
Reference in New Issue
Block a user