diff options
| author | Gerhard Killesreiter | 2006-08-02 18:13:05 (GMT) |
|---|---|---|
| committer | Gerhard Killesreiter | 2006-08-02 18:13:05 (GMT) |
| commit | 4d5cd9f5d08eb847e3a0bd0e5ee1bb03da11cac3 (patch) | |
| tree | b366df1d8d1837ce04c76306895a3c12b4af4eaf | |
| parent | b97a673f45a6e242f329e861a238215898fccbdc (diff) | |
SA-2006-0114.6.9
| -rw-r--r-- | CHANGELOG.txt | 4 | ||||
| -rw-r--r-- | modules/user.module | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 1dcb4ad..8f0c8a8 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,7 @@ +Drupal 4.6.9, 2006-08-02 +------------------------ +- fixed security issue (XSS), see SA-2006-011 + Drupal 4.6.8, 2006-06-01 ------------------------ - fixed critical upload issue, see SA-2006-007 diff --git a/modules/user.module b/modules/user.module index e7aa2a0..7cfd400 100644 --- a/modules/user.module +++ b/modules/user.module @@ -835,7 +835,7 @@ function user_login($edit = array(), $msg = '') { // Display login form: if ($msg) { - $output .= "<p>$msg</p>"; + $output .= '<p>'. check_plain($msg) .'</p>'; } if (count(user_auth_help_links()) > 0) { $output .= form_textfield(t('Username'), 'name', $edit['name'], 30, 64, t('Enter your %s username, or an ID from one of our affiliates: %a.', array('%s' => variable_get('site_name', 'local'), '%a' => implode(', ', user_auth_help_links())))); |