Changeset 1737
- Timestamp:
- 08/27/2008 07:50:33 PM (3 months ago)
- Files:
-
- trunk/admin/login.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/admin/login.php
r1736 r1737 29 29 30 30 if ( md5( $passwort ) == JLOG_ADMIN_PASSWORD) { 31 $_SESSION['logged_in'] = true; 31 $_SESSION['logged_in'] = true; 32 session_regenerate_id(); // neue SID 32 33 33 34 if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.1') { … … 58 59 <input class="userdata" id="password" type="password" name="password" /> 59 60 <input style="display: none;" name="username" type="text" value="do-not-change" /></p> 60 <p><input type="hidden" name="url" value="'. (!empty($get['url']) ? $get['url'] : $post['url']).'" />61 <p><input type="hidden" name="url" value="'.htmlspecialchars(!empty($get['url']) ? $get['url'] : $post['url']).'" /> 61 62 <input type="submit" value="'.$l['admin']['login_send'].'" /></p> 62 63 </form>
