source: tags/2.0.2/services/templates/login_form.ihtml @ 312

Last change on this file since 312 was 185, checked in by scdev, 18 years ago

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

File size: 766 bytes
<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
<?php App::printHiddenSession() ?>
<table>
    <tr>
        <td class="right"><label for="username"><?php echo _("Username"); ?></label></td>
        <td>
            <input type="text" class="small" size="20" name="username" value="<?php echo oTxt($frm['username']); ?>" />
        </td>
    </tr>
    <tr>
        <td class="right"><label for="password"><?php echo _("Password"); ?></label></td>
        <td>
            <input type="password" class="small" size="20" name="password" value="<?php echo oTxt($frm['password']); ?>" />
        </td>
    </tr>
    <tr>
        <td>&nbsp;</td>
        <td><input type="submit" value="<?php echo _("Login"); ?>" /></td>
    </tr>
</table>
</form>
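
Why the escaping around PHP_SELF in the first line of this template matters, as an added example that is not part of the project's code: PHP_SELF includes any path info the client appends after the script name, so echoing it unescaped lets request data close the action attribute. escape_attr() is a hypothetical stand-in for oTxt(), assumed here to behave like htmlspecialchars(); the $server values are constructed.

```php
<?php
// Added example, not the project's code. escape_attr() is a hypothetical
// stand-in for oTxt(), whose implementation is not shown on this page.
function escape_attr(string $value): string
{
    // ENT_QUOTES escapes both " and ', so the value cannot close the attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Form tag with PHP_SELF echoed without escaping (the case r185 guards against).
function form_tag_raw(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Form tag as in the template above: PHP_SELF escaped on output.
function form_tag_escaped(array $server): string
{
    return '<form method="post" action="' . escape_attr($server['PHP_SELF']) . '">';
}

// True when the rendered tag contains an element the template never wrote.
function contains_injected_markup(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed sample: a request whose URL has extra path info after the
// script name. PHP_SELF carries that segment; SCRIPT_NAME does not.
$server = [
    'SCRIPT_NAME' => '/login.php',
    'PHP_SELF'    => '/login.php/"><script>alert(1)</script>',
];

$raw     = form_tag_raw($server);
$escaped = form_tag_escaped($server);

echo "raw:     $raw\n";
echo "escaped: $escaped\n";
var_dump(contains_injected_markup($raw));
var_dump(contains_injected_markup($escaped));
```

A form that only ever posts back to its own script can also build the action from SCRIPT_NAME, which excludes path info; the value should still be escaped on output.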