Commit 8b820834 authored by Gerhard Killesreiter's avatar Gerhard Killesreiter

SA-2006-011

parent eaf35401
......@@ -854,7 +854,7 @@ function user_login($msg = '') {
// Display login form:
if ($msg) {
$form['message'] = array('#value' => "<p>$msg</p>");
$form['message'] = array('#value' => '<p>'. check_plain($msg) .'</p>');
}
$form['name'] = array('#type' => 'textfield',
'#title' => t('Username'),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment