login: match posted input in user name value

Cookie value could still be shown after post, due to partial fix in commit
v2.5-1-g4c8b6c0ab0 (2018-04-20) [exclude cookie data from user name default].

diff --git a/login/form.inc.php b/login/form.inc.php
index b7d8971d88e01295582a968fa0d9fcce424d0c44..bfcb2dda07b9038420a7a8c4fc823b9a36027349 100644 (file)
--- a/login/form.inc.php
+++ b/login/form.inc.php
@@ -2,7 +2,7 @@
 
 <form action="" method="post">
        <input id="login" name="login" placeholder="Gebruikersnaam" value="<?php
-               if (isset($_POST['login'])) print htmlspecialchars($_REQUEST['login']);
+               if (isset($_POST['login'])) print htmlspecialchars($_POST['login']);
        ?>" />
        <input id="pass" name="pass" type="password" value="" placeholder="Wachtwoord" />
        <input type="submit" value="Log in" />