--- admin/login.php.orig 2012-06-19 21:37:26.606807091 -0100
+++ admin/login.php 2012-06-19 21:38:29.380814750 -0100
@@ -44,7 +44,7 @@
{
$banner_type = 'error';
$banner_visibility = 'visible';
- $banner_text = preg_replace('/\_\_user\_\_/', $username, $lang->get('invalid_login'));
+ $banner_text = preg_replace('/\_\_user\_\_/', htmlentities($username), $lang->get('invalid_login'));
}
}
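Review bot: The `htmlentities($username)` call on the new `$banner_text` line relies on the default flags and charset, which on older PHP versions are `ENT_COMPAT` (single quotes left unescaped) and ISO-8859-1 (multibyte UTF-8 input is mangled). The hunk does not show where the banner text is emitted, so pass both arguments explicitly rather than depending on the output context. The value is also still used as a `preg_replace` replacement string, where `$0` or `\0` style references inside the username are expanded instead of printed literally, and entity encoding leaves `$` and `\` untouched. A literal substitution avoids both problems: `$banner_text = str_replace('__user__', htmlspecialchars($username, ENT_QUOTES, 'UTF-8'), $lang->get('invalid_login'));`. This assumes the admin pages are served as UTF-8, which should be confirmed, and the enclosing block starts outside the hunk.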
@@ -72,4 +72,4 @@
$skin->title($lang->get('admin_login') . ' • ' . $lang->get('site_title'));
echo $skin->output(false, false, true);
-?>
\ No newline at end of file
+?>