From 8b820834e5c7ee12668c8f3a172dabc3af0455ba Mon Sep 17 00:00:00 2001
From: Gerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>
Date: Wed, 2 Aug 2006 18:13:40 +0000
Subject: [PATCH] SA-2006-011

---
 modules/user/user.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/user/user.module b/modules/user/user.module
index 46c2ea9d9944..a4d120e72f5b 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -854,7 +854,7 @@ function user_login($msg = '') {
 
   // Display login form:
   if ($msg) {
-    $form['message'] = array('#value' => "<p>$msg</p>");
+    $form['message'] = array('#value' => '<p>'. check_plain($msg) .'</p>');
   }
   $form['name'] = array('#type' => 'textfield',
     '#title' => t('Username'),
-- 
GitLab