From e217b456fb94092116f681f5db4303ac527b005b Mon Sep 17 00:00:00 2001
From: steinm <steinm@577cc39b-cfd1-4aa2-8bc3-eda205cea05a>
Date: Fri, 5 Oct 2012 19:56:37 +0000
Subject: [PATCH] - some more xss prevention

---
 out/out.UsrMgr.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/out/out.UsrMgr.php b/out/out.UsrMgr.php
index c0707f6b2..497cb289f 100644
--- a/out/out.UsrMgr.php
+++ b/out/out.UsrMgr.php
@@ -187,7 +187,7 @@ UI::contentContainerStart();
 
 					if ($usr->isGuest()) continue;
 
-					print "<li class=\"cbSelectItem\"><input id='revUsr".$usr->getID()."' type='checkbox' name='usrReviewers[]' value='". $usr->getID() ."'>".$usr->getLogin();
+					print "<li class=\"cbSelectItem\"><input id='revUsr".$usr->getID()."' type='checkbox' name='usrReviewers[]' value='". $usr->getID() ."'>".htmlspecialchars($usr->getLogin());
 				}
 ?>
 				</ul>
@@ -217,7 +217,7 @@ UI::contentContainerStart();
 
 					if ($usr->isGuest()) continue;
 
-					print "<li class=\"cbSelectItem\"><input id='appUsr".$usr->getID()."' type='checkbox' name='usrApprovers[]' value='". $usr->getID() ."'>".$usr->getLogin();
+					print "<li class=\"cbSelectItem\"><input id='appUsr".$usr->getID()."' type='checkbox' name='usrApprovers[]' value='". $usr->getID() ."'>".htmlspecialchars($usr->getLogin());
 				}
 ?>
 				</ul>
@@ -249,7 +249,7 @@ UI::contentContainerStart();
 
 		print "<td id=\"keywords".$currUser->getID()."\" style=\"display : none;\">";
 
-		UI::contentSubHeading(getMLText("user")." : ".$currUser->getLogin());
+		UI::contentSubHeading(getMLText("user")." : ".htmlspecialchars($currUser->getLogin()));
 	?>
 
 	<a class="standardText" href="../out/out.RemoveUser.php?userid=<?php print $currUser->getID();?>"><img src="images/del.gif" width="15" height="15" border="0" align="absmiddle" alt=""> <?php printMLText("rm_user");?></a>
@@ -263,7 +263,7 @@ UI::contentContainerStart();
 	<table>
 		<tr>
 			<td><?php printMLText("user_login");?>:</td>
-			<td><input name="login" value="<?php print $currUser->getLogin();?>"></td>
+			<td><input name="login" value="<?php print htmlspecialchars($currUser->getLogin());?>"></td>
 		</tr>
 		<tr>
 			<td><?php printMLText("password");?>:</td>
@@ -347,7 +347,7 @@ UI::contentContainerStart();
 					$checked=false;
 					foreach ($res as $r) if ($r['reviewerUserID']==$usr->getID()) $checked=true;
 
-					print "<li class=\"cbSelectItem\"><input id='revUsr".$usr->getID()."' type='checkbox' ".($checked?"checked='checked' ":"")."name='usrReviewers[]' value='". $usr->getID() ."'>".$usr->getLogin()."</li>\n";
+					print "<li class=\"cbSelectItem\"><input id='revUsr".$usr->getID()."' type='checkbox' ".($checked?"checked='checked' ":"")."name='usrReviewers[]' value='". $usr->getID() ."'>".htmlspecialchars($usr->getLogin())."</li>\n";
 				}
 				?>
 				</ul>
@@ -387,7 +387,7 @@ UI::contentContainerStart();
 					$checked=false;
 					foreach ($res as $r) if ($r['approverUserID']==$usr->getID()) $checked=true;
 
-					print "<li class=\"cbSelectItem\"><input id='appUsr".$usr->getID()."' type='checkbox' ".($checked?"checked='checked' ":"")."name='usrApprovers[]' value='". $usr->getID() ."'>".$usr->getLogin()."</li>\n";
+					print "<li class=\"cbSelectItem\"><input id='appUsr".$usr->getID()."' type='checkbox' ".($checked?"checked='checked' ":"")."name='usrApprovers[]' value='". $usr->getID() ."'>".htmlspecialchars($usr->getLogin())."</li>\n";
 				}
 				?>
 				</ul>