Run variables taken from $_POST through check_plain(). Use !empty() instead of isset() when checking if these variables are present.
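How the two checks named above behave on different POST values, as an added example that is not code from this issue's commit or module. The helper `example_post_value()` and the sample array are hypothetical, and the `check_plain()` stand-in assumes Drupal 7 behaviour (`htmlspecialchars()` with `ENT_QUOTES` and UTF-8) so the snippet runs outside a Drupal bootstrap.

```php
<?php
// Added example; not code from the module this issue belongs to.

// Stand-in assumed to match Drupal 7's check_plain(); used only when
// Drupal itself is not loaded.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}

/**
 * Hypothetical helper: return a POST value escaped for HTML output,
 * or NULL when the field is absent, empty, or not a string.
 */
function example_post_value(array $post, $key) {
  // empty() is TRUE for a missing key, '', NULL and array().
  // It is also TRUE for the string '0', so a literal zero is dropped.
  if (empty($post[$key])) {
    return NULL;
  }
  // A field submitted as name[]=x arrives as an array; check_plain()
  // expects a string, so reject anything else before escaping.
  if (!is_string($post[$key])) {
    return NULL;
  }
  return check_plain($post[$key]);
}

// Constructed sample input standing in for $_POST.
$post = array(
  'title' => '<script>alert(1)</script>',
  'note' => '',
  'count' => '0',
  'tags' => array('a', 'b'),
);

// Compare isset(), !empty() and the escaped result for each field.
foreach (array('title', 'note', 'count', 'tags', 'missing') as $key) {
  printf("%-8s isset=%-5s !empty=%-5s value=%s\n",
    $key,
    var_export(isset($post[$key]), TRUE),
    var_export(!empty($post[$key]), TRUE),
    var_export(example_post_value($post, $key), TRUE));
}
```

The `note` field shows the case the switch addresses: `isset()` is true for an empty string while `!empty()` is false. The `count` field shows the side effect to check for when a field may legitimately be `0`.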
Fixed in 78c456a.
Issue #1732780: Improve handling of $_POST. Use check_plain() on these...
Issue #1732780 by Liam Morland: Improve handling of $_POST
Automatically closed - issue fixed for 2 weeks with no activity.