use htmlspecialchars() in getAttributeValue() for user/group name

This commit is contained in:
Uwe Steinmann 2021-02-06 18:01:26 +01:00
parent 0d6fe3e238
commit e7b40e21f3

View File

@ -1528,7 +1528,7 @@ $(document).ready(function() {
$tmp = array();
foreach($attrs as $attr) {
$curuser = $dms->getUser((int) $attr);
$tmp[] = $curuser->getFullname()." (".$curuser->getLogin().")";
$tmp[] = htmlspecialchars($curuser->getFullname()." (".$curuser->getLogin().")");
}
return implode('<br />', $tmp);
break;
@ -1537,7 +1537,7 @@ $(document).ready(function() {
$tmp = array();
foreach($attrs as $attr) {
$curgroup = $dms->getGroup((int) $attr);
$tmp[] = $curgroup->getName();
$tmp[] = htmlspecialchars($curgroup->getName());
}
return implode('<br />', $tmp);
break;