| author | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-07-01 17:57:39 -0700 |
| commit | 8f9a943f55c1342177d7687e3d891f5d1c9eff30 (patch) | |
| tree | eb84d7973495f3b9558951139c0b4952be0a2aaa /modules/user/controllers/password.php | |
| parent | 7b1e3c50218b235a7d25ebe21f93eb8dd9acfb84 (diff) | |
Fix a bunch of XSS vulnerabilities turned up by manual inspection
using the checklist in ticket #385.
Diffstat (limited to 'modules/user/controllers/password.php')
| -rw-r--r-- | modules/user/controllers/password.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 2dde11b8..ed3b9736 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -72,7 +72,9 @@ class Password_Controller extends Controller {
 ->message($message->render())
 ->send();
- log::success("user", "Password reset email sent for user $user->name");
+ log::success(
+ "user",
+ t("Password reset email sent for user %name", array("name" => p::clean($user->name)));
 } else {
 // Don't include the username here until you're sure that it's XSS safe
 log::warning( |
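Review bot: The added `log::success(` call is never closed as rendered here: the third added line ends in `)));`, which balances only `p::clean(`, `array(` and `t(`. If the committed file matches, it fails to parse, so the password-reset controller stops working instead of merely becoming XSS-safe. The line needs a fourth closing parenthesis, `t("Password reset email sent for user %name", array("name" => p::clean($user->name))));`. A `php -l` pass on the touched files before committing would catch this class of error. The enclosing method begins and ends outside the hunk, so the rest of the call chain was not checked.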
