gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-13 12:31:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use htmlspecialchars() in getAttributeValue() for user/group name

Browse Source
This commit is contained in:
Uwe Steinmann 2021-02-06 18:01:26 +01:00
parent 0d6fe3e238
commit e7b40e21f3
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
views/bootstrap/class.Bootstrap.php
View File

@ -1528,7 +1528,7 @@ $(document).ready(function() {
$tmp = array(); $tmp = array();
foreach($attrs as $attr) { foreach($attrs as $attr) {
$curuser = $dms->getUser((int) $attr); $curuser = $dms->getUser((int) $attr);
$tmp[] = $curuser->getFullname()." (".$curuser->getLogin().")"; $tmp[] = htmlspecialchars($curuser->getFullname()." (".$curuser->getLogin().")");
} }
return implode('<br />', $tmp); return implode('<br />', $tmp);
break; break;
@ -1537,7 +1537,7 @@ $(document).ready(function() {
$tmp = array(); $tmp = array();
foreach($attrs as $attr) { foreach($attrs as $attr) {
$curgroup = $dms->getGroup((int) $attr); $curgroup = $dms->getGroup((int) $attr);
$tmp[] = $curgroup->getName(); $tmp[] = htmlspecialchars($curgroup->getName());
} }
return implode('<br />', $tmp); return implode('<br />', $tmp);
break; break;