Commit 4c0f95b8 authored by Gerhard Killesreiter's avatar Gerhard Killesreiter

SA-2006-011

parent 1c64342b
// $Id$
Drupal 4.7.3, 2006-08-02
------------------------
- fixed security issue (XSS), see SA-2006-011
Drupal 4.7.2, 2006-06-01
------------------------
- fixed critical upload issue, see SA-2006-007
......
......@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
define('VERSION', '4.7.3 dev');
define('VERSION', '4.7.3');
/**
* Implementation of hook_help().
......
......@@ -900,7 +900,7 @@ function user_login($msg = '') {
// Display login form:
if ($msg) {
$form['message'] = array('#value' => "<p>$msg</p>");
$form['message'] = array('#value' => '<p>'. check_plain($msg) .'</p>');
}
unset($_GET['time']);
$form['#action'] = url($_GET['q'], drupal_get_destination());
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment