Dev Small security fix
c-schmitz committed Aug 21, 2014
1 parent 8b07a1b commit ceecfbb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion application/controllers/admin/useraction.php
Expand Up @@ -119,7 +119,7 @@ function adduser()
$body = sprintf($clang->gT("Hello %s,"), $new_full_name) . "<br /><br />\n";
$body .= sprintf($clang->gT("this is an automated email to notify that a user has been created for you on the site '%s'."), Yii::app()->getConfig("sitename")) . "<br /><br />\n";
$body .= $clang->gT("You can use now the following credentials to log into the site:") . "<br />\n";
$body .= $clang->gT("Username") . ": " . $new_user . "<br />\n";
$body .= $clang->gT("Username") . ": " . htmlspecialchars($new_user) . "<br />\n";
if (Yii::app()->getConfig("auth_webserver") === false) { // authent is not delegated to web server
// send password (if authorized by config)
if (Yii::app()->getConfig("display_user_password_in_email") === true) {
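Review bot: The greeting line at the top of this hunk still places $new_full_name into the same HTML body unescaped (`sprintf($clang->gT("Hello %s,"), $new_full_name)`), so escaping only $new_user on the Username line leaves the fix half-applied. The hunk does not show where either variable is assigned, so encoding at the point of output is the safer place to do it; I would wrap $new_full_name the same way here. It would also help to call htmlspecialchars() with explicit flags and charset, for example `htmlspecialchars($new_user, ENT_QUOTES, 'UTF-8')`, so the result does not depend on the PHP version's defaults. The commit message "Small security fix" could name the field and the context (HTML email body) for anyone auditing the history later.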

1 comment on commit ceecfbb

@Shnoulle
Collaborator

Don't think it's needed, we already have that before:

   $new_user = flattenText(Yii::app()->request->getPost('new_user'), false, true);
