diff --git a/manage_config_revert.php b/manage_config_revert.php
index 8afeaa68b0..9523e35905 100644
--- a/manage_config_revert.php
+++ b/manage_config_revert.php
@@ -74,7 +74,7 @@
if( '' != $f_revert ) {
# Confirm with the user
helper_ensure_confirmed( lang_get( 'config_delete_sure' ) . lang_get( 'word_separator' ) .
- string_html_specialchars( implode( ', ', $t_revert_vars ) ) . lang_get( 'word_separator' ) . lang_get( 'in_project' ) . lang_get( 'word_separator' ) . project_get_name( $f_project_id ),
+ string_html_specialchars( implode( ', ', $t_revert_vars ) ) . lang_get( 'word_separator' ) . lang_get( 'in_project' ) . lang_get( 'word_separator' ) . string_attribute( project_get_name( $f_project_id ) ),
lang_get( 'delete_config_button' ) );
foreach ( $t_revert_vars as $t_revert ) {
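Review bot: The added line escapes the two dynamic parts of one message with different helpers: `string_html_specialchars( implode( ', ', $t_revert_vars ) )` and `string_attribute( project_get_name( $f_project_id ) )`. The confirmation text is presumably rendered as body HTML rather than inside an attribute value, so the attribute-named helper reads as the wrong output context even if it encodes the same characters. Using `string_html_specialchars( project_get_name( $f_project_id ) )` would keep the line consistent and make the intended context explicit. The same helper choice recurs in the hunks for manage_custom_field_update.php, manage_filter_delete.php, manage_proj_user_remove.php, manage_user_delete.php and manage_user_proj_delete.php. The enclosing `if` block continues past the end of this hunk.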
diff --git a/manage_custom_field_update.php b/manage_custom_field_update.php
index fc6fcc4cef..a461544c66 100644
--- a/manage_custom_field_update.php
+++ b/manage_custom_field_update.php
@@ -73,7 +73,12 @@
$t_def = custom_field_get_definition( $f_field_id );
if( $t_def['type'] != $t_values['type'] && custom_field_has_data( $f_field_id ) ) {
- helper_ensure_confirmed( sprintf( lang_get( 'warning_update_custom_field_type' ), $t_def['name'] ), lang_get( 'update' ) );
+ helper_ensure_confirmed(
+ sprintf( lang_get( 'warning_update_custom_field_type' ),
+ string_attribute( $t_def['name'] )
+ ),
+ lang_get( 'update' )
+ );
}
custom_field_update( $f_field_id, $t_values );
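Review bot: Nothing at this call records why `$t_def['name']` must be escaped, so the next caller that embeds a stored name in a confirmation message can easily miss it. The change implies that helper_ensure_confirmed() outputs its message argument as HTML without encoding it; that function is not visible in this diff, so this should be confirmed. A one-line comment above the call, such as `# Message is output as HTML: escape stored values before embedding them`, would state the contract where it is relied on. The other call sites touched by this commit follow the same pattern and would benefit from the same comment.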
diff --git a/manage_filter_delete.php b/manage_filter_delete.php
index 1dd32a433c..1566bb4e4e 100644
--- a/manage_filter_delete.php
+++ b/manage_filter_delete.php
@@ -56,7 +56,7 @@
exit;
}
-helper_ensure_confirmed( lang_get( 'query_delete_msg' ) . '
"' . filter_get_field( $f_filter_id, 'name' ) . '"',
+helper_ensure_confirmed( lang_get( 'query_delete_msg' ) . '
"' . string_attribute( filter_get_field( $f_filter_id, 'name' ) ) . '"',
lang_get( 'delete_query' ) );
filter_db_delete_filter( $f_filter_id );
diff --git a/manage_proj_user_remove.php b/manage_proj_user_remove.php
index 0b68df344b..b25c90312a 100644
--- a/manage_proj_user_remove.php
+++ b/manage_proj_user_remove.php
@@ -74,7 +74,7 @@
# Confirm with the user
helper_ensure_confirmed( lang_get( 'remove_user_sure_msg' ) .
- '
' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . $t_user['username'],
+ '
' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . string_attribute( $t_user['username'] ),
lang_get( 'remove_user_button' ) );
project_remove_user( $f_project_id, $f_user_id );
diff --git a/manage_user_delete.php b/manage_user_delete.php
index e7d206a633..4c3a1e8c0e 100644
--- a/manage_user_delete.php
+++ b/manage_user_delete.php
@@ -57,7 +57,7 @@
$t_user = user_get_row( $f_user_id );
helper_ensure_confirmed( lang_get( 'delete_account_sure_msg' ) .
- '
' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . $t_user['username'],
+ '
' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . string_attribute( $t_user['username'] ),
lang_get( 'delete_account_button' ) );
# If an administrator is trying to delete their own account, use
diff --git a/manage_user_proj_delete.php b/manage_user_proj_delete.php
index 3bd9e4c0b2..aab420e707 100644
--- a/manage_user_proj_delete.php
+++ b/manage_user_proj_delete.php
@@ -65,7 +65,7 @@
# Confirm with the user
helper_ensure_confirmed( lang_get( 'remove_user_sure_msg' ) .
- '
' . lang_get( 'project_name_label' ) . lang_get( 'word_separator' ) . $t_project_name,
+ '
' . lang_get( 'project_name_label' ) . lang_get( 'word_separator' ) . string_attribute( $t_project_name ),
lang_get( 'remove_user_button' ) );
project_remove_user( $f_project_id, $f_user_id );