Skip to content

Commit 3c1e53d

Browse files
committed
Encode user descr before output. Fixes #103241
1 parent 86a89e4 commit 3c1e53d

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: src/usr/local/www/system_usermanager_addprivs.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -157,7 +157,7 @@ function get_root_priv_item_text() {
157157

158158
$name_string = $a_user['name'];
159159
if (!empty($a_user['descr'])) {
160-
$name_string .= " ({$a_user['descr']})";
160+
$name_string .= " (" . htmlspecialchars($a_user['descr']) . ")";
161161
}
162162

163163
$section->addInput(new Form_StaticText(

0 commit comments

Comments
 (0)