Escape user input in mod_privacy_odbc (EJAB-1442)

processone · Apr 26, 2011 · 3952888 · 3952888
1 parent 9b14538
commit 3952888
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/mod_privacy_odbc.erl b/src/mod_privacy_odbc.erl
@@ -751,9 +751,9 @@ item_to_raw(#listitem{type = Type,
 	    none ->
 		{"n", ""};
 	    jid ->
-		{"j", jlib:jid_to_string(Value)};
+		{"j", ejabberd_odbc:escape(jlib:jid_to_string(Value))};
 	    group ->
-		{"g", Value};
+		{"g", ejabberd_odbc:escape(Value)};
 	    subscription ->
 		case Value of
 		    none ->