# HG changeset patch
# User Dan Fuhry
# Date 1310523318 14400
# Node ID d8983d3a84680e1d9a4790b2d4d1fdf3da9da6a6
# Parent b79029a49d28474aa543a0da79ae4b29328300df
SECURITY: Fixed XSS in post-login page redirection. Reported by Secunia.
diff -r b79029a49d28 -r d8983d3a8468 plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php Fri Jun 03 10:45:21 2011 -0400
+++ b/plugins/SpecialUserFuncs.php Tue Jul 12 22:15:18 2011 -0400
@@ -408,7 +408,7 @@
 $name = get_page_title($_POST['return_to']);
 $subst = array(
 'username' => $session->username,
- 'redir_target' => $name
+ 'redir_target' => htmlspecialchars($name)
 );
 redirect( makeUrl($_POST['return_to'], $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
 }
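Review bot: The new `htmlspecialchars($name)` call on the `redir_target` line relies on the default flags and charset, which on PHP versions before 8.1 leave single quotes unescaped and before 5.4 assume ISO-8859-1. Passing them explicitly, `'redir_target' => htmlspecialchars($name, ENT_QUOTES, 'UTF-8')` (assuming the site emits UTF-8), keeps the value inert even if the `user_login_success_body` string ever places it inside a single-quoted attribute. The same `$_POST['return_to']` value is still handed unescaped to `makeUrl()` and on to `redirect()` two lines below. The hunk does not show whether those helpers encode or validate it, so it is worth confirming that the URL written into the redirect page is escaped for its output context and limited to local pages. The enclosing function starts and ends outside the hunk.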