gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-06-01 22:47:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix possible xss attack

Browse Source
This commit is contained in:
Uwe Steinmann 2016-01-28 13:36:07 +01:00
parent 36602ff54a
commit b2ccf18db7
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
views/bootstrap/class.UserList.php
View File

@ -59,15 +59,15 @@ class SeedDMS_View_UserList extends SeedDMS_Bootstrap_Style {
print "<img width=\"50\" src=\"".$httproot . "out/out.UserImage.php?userid=".$currUser->getId()."\">"; print "<img width=\"50\" src=\"".$httproot . "out/out.UserImage.php?userid=".$currUser->getId()."\">";
echo "</td>"; echo "</td>";
echo "<td>"; echo "<td>";
echo $currUser->getFullName()." (".$currUser->getLogin().")<br />"; echo htmlspecialchars($currUser->getFullName())." (".htmlspecialchars($currUser->getLogin()).")<br />";
echo "<a href=\"mailto:".$currUser->getEmail()."\">".$currUser->getEmail()."</a><br />"; echo "<a href=\"mailto:".$currUser->getEmail()."\">".htmlspecialchars($currUser->getEmail())."</a><br />";
echo "<small>".$currUser->getComment()."</small>"; echo "<small>".htmlspecialchars($currUser->getComment())."</small>";
echo "</td>"; echo "</td>";
echo "<td>"; echo "<td>";
$groups = $currUser->getGroups(); $groups = $currUser->getGroups();
if (count($groups) != 0) { if (count($groups) != 0) {
for ($j = 0; $j < count($groups); $j++) { for ($j = 0; $j < count($groups); $j++) {
print $groups[$j]->getName(); print htmlspecialchars($groups[$j]->getName());
if ($j +1 < count($groups)) if ($j +1 < count($groups))
print ", "; print ", ";
} }