From 4a83866d57441c79fa678957d638b4623f1dad83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”>
Date: Thu, 21 Mar 2024 13:25:55 +0100
Subject: [PATCH] Improve pasword reset
---
 reset.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/reset.php b/reset.php
index bc31c25..6061e54 100644
--- a/reset.php
+++ b/reset.php
@@ -62,8 +62,8 @@ if (isset($_POST['resetkey']) && $_POST['resetkey'] !='' && $_POST['password_upd
 $resetkey = $_POST['resetkey'];
 //Clean up passwords
- $password = trim($_POST["password"]);
- $confirm_password = trim($_POST["password_update"]);
+ $password = htmlspecialchars(trim($_POST["password"]), ENT_QUOTES);
+ $confirm_password = htmlspecialchars(trim($_POST["password_update"]), ENT_QUOTES);
 //Check if passwords are equal
 if ($password == $confirm_password){
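Review bot: Wrapping the password in `htmlspecialchars(..., ENT_QUOTES)` on the two added lines changes the secret itself rather than protecting anything, because HTML escaping is an output encoding for values echoed into a page; here it rewrites `&`, `<`, `>`, `"` and `'` into entities before the value is compared and, presumably, hashed further down. Unless the login path applies exactly the same transformation, a user whose new password contains one of those characters would be unable to sign in after the reset, and the expanded string may also push a long password past whatever input limit the hash function has. I would keep the assignments as `$password = trim($_POST["password"]);` and `$confirm_password = trim($_POST["password_update"]);`, and escape only where a value is actually written into HTML. The context line `if ($password == $confirm_password){` uses loose comparison, under which two different numeric-looking strings can compare equal, so `===` is the safer operator there. The enclosing `if (isset($_POST['resetkey']) ...` block starts and ends outside this hunk, so how the password is hashed and how `$resetkey` is validated cannot be confirmed from here.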