#
#
# patch "www/login.php"
#  from [d22d0cba163de0db350017eb0427c7bdd7e0abe2]
#    to [a6cdf2e23a4bb9869a8dcf38988f0b491e45b6df]
#
============================================================
--- www/login.php	d22d0cba163de0db350017eb0427c7bdd7e0abe2
+++ www/login.php	a6cdf2e23a4bb9869a8dcf38988f0b491e45b6df
@@ -91,8 +91,9 @@ if($_REQUEST['logout']) {
 				$db->RollbackTrans();
 			} else {
 				$t = mktok($username, $shapass, "validate");
+				# addslashes() is pre-applied to request parameters by default
 				$mailbody = "Your username is " . $username . "\r\n" . 
-				"Your password is " . $_REQUEST["password"] . "\r\n" .
+				"Your password is " . stripslashes($_REQUEST["password"]) . "\r\n" .
 				"Your activation token is " . $t . "\r\n" . 
 				"Please go to " . $base_url . "login.php?activate=activate and enter these values.";
 				$mailok = mail($_REQUEST["mail"], "Account at " . $hostname, $mailbody,"From: " . $site_owner_email);