From 1aa60b6be5629ea82843dced6e88029782f61df1 Mon Sep 17 00:00:00 2001
From: Suhendi <suhendi999@gmail.com>
Date: Sat, 1 Feb 2020 12:46:13 +0700
Subject: [PATCH] Fix html injection in login page

---
 view/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/view/login.php b/view/login.php
index fe6c1a8..00261b5 100644
--- a/view/login.php
+++ b/view/login.php
@@ -46,7 +46,7 @@
                 <form method="POST" action="" id="login_form">
                     <tr>
                         <td><label>Username</label></td>
-                        <td><input id="field_username" type="text" name="username" value="<?php if (isset($username)) { echo $username; } ?>" autofocus/></td>
+                        <td><input id="field_username" type="text" name="username" pattern="" value="<?php if (isset($username)) { echo escapeHTML($username); } ?>" autofocus/></td>
                     </tr>
                     <tr>
                         <td><label>Password</label></td>
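Review bot: The added `pattern=""` on the username input has no visible purpose and is not a server-side control. An empty pattern is either ignored or, in browsers that compile it literally, matches only an empty value and blocks every non-empty username, so drop it or replace it with the intended expression. The actual fix rests on `escapeHTML()`, which is defined outside this hunk. Because the value lands inside a double-quoted attribute, confirm that it escapes quotes as well as angle brackets, for example `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Other places in this view that echo request-derived values, if any, need the same treatment; only this one field is visible here.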
-- 
GitLab