Index: /changelog
===================================================================
--- /changelog	(revision 8160)
+++ /changelog	(revision 8161)
@@ -527,4 +527,6 @@
 - Bugfix: UngÃŒltige URLs bei URL Benachrichtigung werden nicht getriggert
 - Bugfix: Gewicht aus Produktvarianten wird korrekt gespeichert
+- Bugfix: MÃ¶gliche XSS LÃŒcke bei Kundenregistrierung geschlossen
+- Bugfix: autocomplete="off" fÃŒr E-Mail/Kennwortfelder
 - Feature: DSGVO Layer fÃŒr das Registrierungsrecaptcha
 - Feature: Exportprofile: XML Erstellung verbessert
Index: /mods/wpsg_mod_kundenverwaltung.class.php
===================================================================
--- /mods/wpsg_mod_kundenverwaltung.class.php	(revision 8160)
+++ /mods/wpsg_mod_kundenverwaltung.class.php	(revision 8161)
@@ -862,5 +862,5 @@
 			else if (isset($_REQUEST['wpsg_mod_kundenverwaltung_register']))
 			{
-				
+				 
 				/** Wird aufgerufen wenn sich ein Kunde registrieren mÃ¶chte. */
 				$this->shop->checkEscape();
@@ -958,8 +958,6 @@
 				}
 				
-			}
-			else if (isset($_REQUEST['wpsg_mod_kundenverwaltung_save']))
-			{
-				
+			} else if (isset($_REQUEST['wpsg_mod_kundenverwaltung_save'])) {
+			 
 				/** Wird beim speichern des Profils aufgerufen */
 				$this->shop->checkEscape();
Index: /views/mods/mod_kundenverwaltung/checkout_login.phtml
===================================================================
--- /views/mods/mod_kundenverwaltung/checkout_login.phtml	(revision 8160)
+++ /views/mods/mod_kundenverwaltung/checkout_login.phtml	(revision 8161)
@@ -12,5 +12,12 @@
 		<label for="wpsg_mod_kundenverwaltung_email"><?php echo __("E-Mail Adresse", "wpsg"); ?>:
 		</label>
-		<input class="wpsg_checkout <?php echo ((in_array("wpsg_mod_kundenverwaltung_email", (array)$this->view['error']))?'wpsg_error':''); ?>" type="text" id="wpsg_mod_kundenverwaltung_email" name="wpsg[mod_kundenverwaltung][email]" value="" />			
+		<input 
+            class="wpsg_checkout <?php echo ((in_array("wpsg_mod_kundenverwaltung_email", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+            type="text" 
+            id="wpsg_mod_kundenverwaltung_email" 
+            name="wpsg[mod_kundenverwaltung][email]" 
+            value=""
+            autocomplete="off"
+        />			
 	</div>
 	
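Review bot: The `autocomplete="off"` added to the e-mail input here is largely ignored by current browsers and password managers on login and credential fields, so it gives little protection on its own. The same attribute is added to the password input in the next hunk and to the inputs in login.phtml, profil.phtml, register.phtml, widget.phtml and warenkorb/checkout.phtml. If the aim is to keep stored credentials from being filled into the wrong form, the specific tokens are more reliable: `autocomplete="username"` or `autocomplete="email"` on the address fields, `autocomplete="current-password"` on the login password fields, and `autocomplete="new-password"` on the `register_pwd1`/`register_pwd2` fields. Where `off` is honoured it also blocks password managers, which tends to push users towards weaker or reused passwords.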
@@ -18,5 +25,12 @@
 		<label for="wpsg_mod_kundenverwaltung_password"><?php echo __("Passwort", "wpsg"); ?>:
 		</label>
-		<input class="wpsg_checkout <?php echo ((in_array("wpsg_mod_kundenverwaltung_password", (array)$this->view['error']))?'wpsg_error':''); ?>" type="password" id="wpsg_mod_kundenverwaltung_password" name="wpsg[mod_kundenverwaltung][password]" value="" />
+		<input 
+            class="wpsg_checkout <?php echo ((in_array("wpsg_mod_kundenverwaltung_password", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+            type="password" 
+            id="wpsg_mod_kundenverwaltung_password" 
+            name="wpsg[mod_kundenverwaltung][password]" 
+            value="" 
+            autocomplete="off"
+        />
 	</div>
 	
Index: /views/mods/mod_kundenverwaltung/login.phtml
===================================================================
--- /views/mods/mod_kundenverwaltung/login.phtml	(revision 8160)
+++ /views/mods/mod_kundenverwaltung/login.phtml	(revision 8161)
@@ -19,10 +19,23 @@
 				<div class="wpsg_block wpsg_checkoutblock">
 					<label for="wpsg_mod_kundenverwaltung_email"><?php echo __("E-Mail Adresse", "wpsg"); ?>:</label>
-					<input class="wpsg_checkout" type="text" id="wpsg_mod_kundenverwaltung_email" name="wpsg[mod_kundenverwaltung][email]" value="<?php echo wpsg_getStr($this->view['wpsg_mod_kundenverwaltung']['email']); ?>" />
+					<input 
+                        class="wpsg_checkout" 
+                        type="text" 
+                        autocomplete="off"
+                        id="wpsg_mod_kundenverwaltung_email" 
+                        name="wpsg[mod_kundenverwaltung][email]" 
+                        value="<?php echo wpsg_getStr($this->view['wpsg_mod_kundenverwaltung']['email']); ?>" />
 				</div>
 			
 				<div class="wpsg_block wpsg_checkoutblock">
 					<label for="wpsg_mod_kundenverwaltung_password"><?php echo __("Passwort", "wpsg"); ?>:</label>
-					<input class="wpsg_checkout" type="password" id="wpsg_mod_kundenverwaltung_password" name="wpsg[mod_kundenverwaltung][password]" value="" />
+					<input 
+                        class="wpsg_checkout" 
+                        type="password" 
+                        id="wpsg_mod_kundenverwaltung_password" 
+                        name="wpsg[mod_kundenverwaltung][password]" 
+                        value="" 
+                        autocomplete="off"
+                    />
 				</div>
 			 
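Review bot: The e-mail `value` in the new input is still echoed as `wpsg_getStr($this->view['wpsg_mod_kundenverwaltung']['email'])` with no HTML escaping, while profil.phtml, register.phtml and warenkorb/checkout.phtml in this same changeset wrap the equivalent value in `htmlspecialchars()`. Unless `wpsg_getStr` escapes its result (its definition is not visible here), a submitted address is reflected unescaped into the attribute when the form is redisplayed. I would change the line to `value="<?php echo htmlspecialchars(wpsg_getStr($this->view['wpsg_mod_kundenverwaltung']['email'])); ?>"`. The changelog entry in this revision mentions an XSS fix for customer registration, but the hunks shown for the class file only touch whitespace and brace placement, so this field is worth checking against that fix.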
Index: /views/mods/mod_kundenverwaltung/profil.phtml
===================================================================
--- /views/mods/mod_kundenverwaltung/profil.phtml	(revision 8160)
+++ /views/mods/mod_kundenverwaltung/profil.phtml	(revision 8161)
@@ -1,5 +1,5 @@
 <?php
 
-	/**
+	/** 
 	 * Seite fÃŒr das Profil eines Kunden
 	 */
@@ -194,5 +194,13 @@
 			<?php if ($this->view['pflicht']['email'] != '1') { ?><span class="wpsg_required">*</span><?php } ?>:
 			</label>
-			<input class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" type="email" id="email" name="wpsg[profil][email]" value="<?php echo htmlspecialchars($this->view['data']['email']); ?>" />		
+			<input 
+                class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?>
+                wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                type="email" 
+                id="email" 
+                name="wpsg[profil][email]" 
+                value="<?php echo htmlspecialchars($this->view['data']['email']); ?>" 
+                autocomplete="off"
+            />		
 		</div>
 		<?php } ?>
@@ -203,5 +211,13 @@
 			<?php if ($this->view['pflicht']['email'] != '1') { ?><span class="wpsg_required">*</span><?php } ?>:
 			</label>
-			<input class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" type="email" id="email2" name="wpsg[profil][email2]" value="<?php echo htmlspecialchars($this->view['data']['email2']); ?>" />			
+			<input 
+                class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> 
+                wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                type="email" 
+                id="email2" 
+                name="wpsg[profil][email2]" 
+                value="<?php echo htmlspecialchars($this->view['data']['email2']); ?>" 
+                autocomplete="off"
+            />			
 		</div>
 		<?php } ?>
@@ -325,5 +341,12 @@
 			<?php if ($this->get_option('wpsg_mod_kundenverwaltung_showCheckoutRegisterzwang') == '1') { ?><span class="wpsg_required">*</span><?php } ?>:
 			</label>
-			<input class="wpsg_checkout <?php echo ((in_array("mod_kundenverwaltung_pwd1", (array)$this->view['error']))?'wpsg_error':''); ?>" type="password" id="wpsg_mod_kundenverwaltung_pw1" name="wpsg[mod_kundenverwaltung][register_pwd1]" value="" /><span id="wpsg_mod_kundenverwaltung_password_result"></span>	
+			<input 
+                class="wpsg_checkout <?php echo ((in_array("mod_kundenverwaltung_pwd1", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                type="password" 
+                id="wpsg_mod_kundenverwaltung_pw1" 
+                name="wpsg[mod_kundenverwaltung][register_pwd1]" 
+                value="" 
+                autocomplete="off"
+            /><span id="wpsg_mod_kundenverwaltung_password_result"></span>	
 		</div>
 		
@@ -332,5 +355,12 @@
 			<?php if ($this->get_option('wpsg_mod_kundenverwaltung_showCheckoutRegisterzwang') == '1') { ?><span class="wpsg_required">*</span><?php } ?>:
 			</label>
-			<input class="wpsg_checkout <?php echo ((in_array("mod_kundenverwaltung_pwd2", (array)$this->view['error']))?'wpsg_error':''); ?>" type="password" id="wpsg_mod_kundenverwaltung_pwd2" name="wpsg[mod_kundenverwaltung][register_pwd2]" value="" />
+			<input 
+                class="wpsg_checkout <?php echo ((in_array("mod_kundenverwaltung_pwd2", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                type="password" 
+                id="wpsg_mod_kundenverwaltung_pwd2" 
+                name="wpsg[mod_kundenverwaltung][register_pwd2]" 
+                value="" 
+                autocomplete="off"
+            />
 		</div>
 		
Index: /views/mods/mod_kundenverwaltung/register.phtml
===================================================================
--- /views/mods/mod_kundenverwaltung/register.phtml	(revision 8160)
+++ /views/mods/mod_kundenverwaltung/register.phtml	(revision 8161)
@@ -199,5 +199,11 @@
 			<?php if ($this->view['pflicht']['email'] != '1') { ?><span class="wpsg_required">*</span><?php } ?>:
 			</label>
-			<input class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_register <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" type="email" id="email" name="wpsg[register][email]" value="<?php echo htmlspecialchars(wpsg_getStr($this->view['data']['email'])); ?>" />
+			<input 
+                class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_register <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                type="email" id="email" 
+                name="wpsg[register][email]" 
+                value="<?php echo htmlspecialchars(wpsg_getStr($this->view['data']['email'])); ?>" 
+                autocomplete="off"
+            />
 		</div>
 		<?php } ?>
@@ -208,5 +214,12 @@
 			<?php if ($this->view['pflicht']['email'] != '1') { ?><span class="wpsg_required">*</span><?php } ?>:
 			</label>
-			<input class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" type="email" id="email2" name="wpsg[register][email2]" value="<?php echo htmlspecialchars(wpsg_getStr($this->view['data']['register']['email2'])); ?>" />
+			<input 
+                class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                type="email"
+                id="email2" 
+                name="wpsg[register][email2]" 
+                value="<?php echo htmlspecialchars(wpsg_getStr($this->view['data']['register']['email2'])); ?>" 
+                autocomplete="off"
+            />
 		</div>
 		<?php } ?>
@@ -216,5 +229,12 @@
 			<?php if (wpsg_getStr($this->view['pflicht']['pwd1']) != '1') { ?><span class="wpsg_required">*</span><?php } ?>:
 			</label>
-			<input class="<?php echo ((wpsg_getStr($this->view['pflicht']['pwd1']) != '1')?'validate[required]':''); ?> wpsg_register <?php echo ((in_array("mod_kundenverwaltung_pwd1", (array)$this->view['error']))?'wpsg_error':''); ?>" type="password" id="pwd1" name="wpsg[register][register_pwd1]" value="" /><span id="wpsg_checkoutblock_password_result"></span>
+			<input 
+                class="<?php echo ((wpsg_getStr($this->view['pflicht']['pwd1']) != '1')?'validate[required]':''); ?> wpsg_register <?php echo ((in_array("mod_kundenverwaltung_pwd1", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                type="password" 
+                id="pwd1" 
+                name="wpsg[register][register_pwd1]" 
+                autocomplete="off"
+                value="" 
+            /><span id="wpsg_checkoutblock_password_result"></span>
 		</div>
 		
@@ -223,5 +243,12 @@
 			<?php if (wpsg_getStr($this->view['pflicht']['pwd2']) != '1') { ?><span class="wpsg_required">*</span><?php } ?>:
 			</label>
-			<input class="<?php echo ((wpsg_getStr($this->view['pflicht']['pwd2']) != '1')?'validate[required]':''); ?> wpsg_register <?php echo ((in_array("mod_kundenverwaltung_pwd2", (array)$this->view['error']))?'wpsg_error':''); ?>" type="password" id="pwd2" name="wpsg[register][register_pwd2]" value="" />
+			<input 
+                class="<?php echo ((wpsg_getStr($this->view['pflicht']['pwd2']) != '1')?'validate[required]':''); ?> wpsg_register <?php echo ((in_array("mod_kundenverwaltung_pwd2", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                type="password" 
+                id="pwd2" 
+                name="wpsg[register][register_pwd2]" 
+                value="" 
+                autocomplete="off"
+            />
 		</div>
 		
Index: /views/mods/mod_kundenverwaltung/widget.phtml
===================================================================
--- /views/mods/mod_kundenverwaltung/widget.phtml	(revision 8160)
+++ /views/mods/mod_kundenverwaltung/widget.phtml	(revision 8161)
@@ -32,6 +32,19 @@
 		<h2 class="widget-title widgettitle"><?php echo __('Login', 'wpsg'); ?></h2>
 	 
-		<input type="text" value="<?php echo __('E-Mail', 'wpsg'); ?>" id="wpsg_mod_kundenverwaltung_widget_email" name="wpsg[mod_kundenverwaltung][email]" />
-		<input type="password" value="<?php echo __('Passwort', 'wpsg'); ?>" id="wpsg_mod_kundenverwaltung_widget_passwort" name="wpsg[mod_kundenverwaltung][password]" />
+		<input 
+            type="text"
+            value="<?php echo __('E-Mail', 'wpsg'); ?>" 
+            id="wpsg_mod_kundenverwaltung_widget_email" 
+            name="wpsg[mod_kundenverwaltung][email]"
+            autocomplete="off"
+        />
+        
+		<input 
+            type="password" 
+            value="<?php echo __('Passwort', 'wpsg'); ?>" 
+            id="wpsg_mod_kundenverwaltung_widget_passwort"
+            name="wpsg[mod_kundenverwaltung][password]" 
+            autocomplete="off"
+        />
 		
 		<br /><br />
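Review bot: Both new inputs print the translated string straight into the `value` attribute with `__()`, which returns the translation unescaped. In WordPress templates the attribute-safe form is `value="<?php echo esc_attr__('E-Mail', 'wpsg'); ?>"`, and likewise for `'Passwort'`. Using the label as the initial `value` of the `type="password"` field also means the label text is submitted as the password unless something outside this hunk clears it. A `placeholder` attribute with an empty `value` avoids that.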
Index: /views/warenkorb/checkout.phtml
===================================================================
--- /views/warenkorb/checkout.phtml	(revision 8160)
+++ /views/warenkorb/checkout.phtml	(revision 8161)
@@ -163,5 +163,12 @@
 					<?php if ($this->view['pflicht']['email'] != '1') { ?><span class="wpsg_required">*</span><?php } ?>
 					</label>
-					<input class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" type="email" id="email" name="wpsg[checkout][email]" value="<?php echo htmlspecialchars(wpsg_getStr($this->view['basket']['checkout']['email'])); ?>" />
+					<input 
+                        class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                        type="email" 
+                        id="email" 
+                        name="wpsg[checkout][email]" 
+                        value="<?php echo htmlspecialchars(wpsg_getStr($this->view['basket']['checkout']['email'])); ?>"
+                        autocomplete="off"
+                    />
 				</div>
 				<?php } ?>
@@ -173,5 +180,12 @@
 					<?php if ($this->view['pflicht']['email'] != '1') { ?><span class="wpsg_required">*</span><?php } ?>
 					</label>
-					<input class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" type="email" id="email2" name="wpsg[checkout][email2]" value="<?php echo htmlspecialchars(wpsg_getStr($this->view['basket']['checkout']['email2'])); ?>" />
+					<input 
+                        class="wpsg_input_text <?php echo (($this->view['pflicht']['email'] != '1')?'validate[required]':''); ?> wpsg_checkout <?php echo ((in_array("email", (array)$this->view['error']))?'wpsg_error':''); ?>" 
+                        type="email" 
+                        id="email2" 
+                        name="wpsg[checkout][email2]" 
+                        value="<?php echo htmlspecialchars(wpsg_getStr($this->view['basket']['checkout']['email2'])); ?>" 
+                        autocomplete="off"
+                    />
 				</div>
 				<?php } ?>
