Added encodeURIComponent() call to building of reset parameters ResetPassword() in functions.js
Added maxlength=128 for password fields in ResetPasswordPrompt() for sanity check
Removed htmlentities() and striptags() calls on password fields in ResetPassword.php as changes the value of the password and they're not echo'd to browser.
added substr(xxx,0,128) to limit length of passwords to 128 for sanity
Added encodeURIComponent() call to building of reset parameters ResetPassword() in functions.js Added maxlength=128 for password fields in ResetPasswordPrompt() for sanity check Removed htmlentities() and striptags() calls on password fields in ResetPassword.php as changes the value of the password and they're not echo'd to browser. added substr(xxx,0,128) to limit length of passwords to 128 for sanity