Skip to content
Permalink
Browse files Browse the repository at this point in the history
Encode user descr before output. Fixes #103241
  • Loading branch information
jim-p committed Mar 9, 2020
1 parent 86a89e4 commit 3c1e53d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/usr/local/www/system_usermanager_addprivs.php
Expand Up @@ -157,7 +157,7 @@ function get_root_priv_item_text() {

$name_string = $a_user['name'];
if (!empty($a_user['descr'])) {
$name_string .= " ({$a_user['descr']})";
$name_string .= " (" . htmlspecialchars($a_user['descr']) . ")";
}

$section->addInput(new Form_StaticText(
Expand Down

0 comments on commit 3c1e53d

Please sign in to comment.