SF.net SVN: postfixadmin:[1806] branches/postfixadmin-2.3

[<chr...@us...>]

Revision: 1806
          http://sourceforge.net/p/postfixadmin/code/1806
Author:   christian_boltz
Date:     2015-09-28 20:37:53 +0000 (Mon, 28 Sep 2015)
Log Message:
-----------
templates/users_login.php:
- don't prefill username in users/ login on failed logins - fixes (probably
  harmless) XSS.
  Thanks to Juan Rossi for reporting this!

Modified Paths:
--------------
    branches/postfixadmin-2.3/CHANGELOG.TXT
    branches/postfixadmin-2.3/templates/users_login.php

Modified: branches/postfixadmin-2.3/CHANGELOG.TXT
===================================================================
--- branches/postfixadmin-2.3/CHANGELOG.TXT	2015-09-26 18:54:50 UTC (rev 1805)
+++ branches/postfixadmin-2.3/CHANGELOG.TXT	2015-09-28 20:37:53 UTC (rev 1806)
@@ -12,6 +12,8 @@
 
 Changes since the 2.3.7 release:
   - fix query to enable/disable alias in edit-mailbox for PostgreSQL (#311)
+  - don't prefill username in users/ login on failed logins - fixes (probably
+    harmless) XSS
 
 Version 2.3.7 - 2014/02/20 - SVN r1651 (postfixadmin-2.3 branch)
 ----------------------------------------------------------------

Modified: branches/postfixadmin-2.3/templates/users_login.php
===================================================================
--- branches/postfixadmin-2.3/templates/users_login.php	2015-09-26 18:54:50 UTC (rev 1805)
+++ branches/postfixadmin-2.3/templates/users_login.php	2015-09-28 20:37:53 UTC (rev 1806)
@@ -7,7 +7,7 @@
    </tr>
    <tr>
       <td><?php print $PALANG['pUsersLogin_username'] . ":"; ?></td>
-      <td><input class="flat" type="text" name="fUsername" value="<?php print $tUsername; ?>" /></td>
+      <td><input class="flat" type="text" name="fUsername" /></td>
    </tr>
    <tr>
       <td><?php print $PALANG['pUsersLogin_password'] . ":"; ?></td>

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.