Run variables taken from $_POST through check_plain(). Use !empty() instead of isset() when checking if these variables are present.

Comments

Status:Active» Patch (to be ported)

Fixed in 78c456a.

Version:7.x-1.x-dev» 6.x-1.x-dev

Assigned:Liam Morland» Unassigned