Fixed issue #19036: Stored XSS via user's username (#3393)

Co-authored-by: lapiudevgit <devgit@lapiu.biz>
LimeSurvey · Aug 28, 2023 · be839a7 · be839a7
1 parent bf6b4f1
commit be839a7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/views/userManagement/partial/addedituser.php b/application/views/userManagement/partial/addedituser.php
@@ -27,7 +27,7 @@
         <?php if ($oUser->isNewRecord) : ?>
             <?= $form->textField($oUser, 'users_name', ['id' => 'User_Form_users_name', 'required' => 'required']) ?>
         <?php else : ?>
-            <input class="form-control" type="text" value="<?= $oUser->users_name ?>" disabled="true"/>
+            <input class="form-control" type="text" value="<?= CHtml::encode($oUser->users_name) ?>" disabled="true"/>
         <?php endif; ?>
 
         <?php echo $form->error($oUser, 'users_name'); ?>