Fixed issue #5831: User name not properly quoted on display

Fixed issue #5832: Unsanitized variable id when viewing a single response

admin/browse.php

@@ -10,14 +10,13 @@
  * other free or open source software licenses.
  * See COPYRIGHT.php for copyright notices and details.
  *
- * $Id: browse.php 12164 2012-01-23 14:24:20Z tmswhite $
 */
 
 include_once("login_check.php");  //Login Check dies also if the script is started directly
 
-if (!isset($limit)) {$limit=returnglobal('limit');}
+if (!isset($limit)) {$limit=(int)returnglobal('limit');}
 if (!isset($surveyid)) {$surveyid=returnglobal('sid');}
-if (!isset($id)) {$id=returnglobal('id');}
+if (!isset($id)) {$id=(int)returnglobal('id');}
 if (!isset($order)) {$order=returnglobal('order');}
 if (!isset($browselang)) {$browselang=returnglobal('browselang');}
 

admin/userrighthandling.php

@@ -10,7 +10,7 @@
  * other free or open source software licenses.
  * See COPYRIGHT.php for copyright notices and details.
  *
- * $Id: userrighthandling.php 11664 2011-12-16 05:19:42Z tmswhite $
+ * $Id$
  */
 //Security Checked: POST/GET/DB/SESSION
 //Ensure script is not run directly, avoid path disclosure
@@ -445,8 +445,10 @@
     . "</tr></thead><tbody>\n";
 
     $userlist = getuserlist();
+
     $ui = count($userlist);
     $usrhimself = $userlist[0];
+    $usrhimself =array_map('htmlspecialchars',$usrhimself);
     unset($userlist[0]);
 
     //	output users
@@ -511,6 +513,8 @@
     {
 
         $usr = $usr_arr[$i];
+        $usr =array_map('htmlspecialchars',$usr);
+
         $usersummary .= "<tr>\n";
 
         $usersummary .= "<td align='center' style='padding:3px;'>\n";