Permalink
Browse files

Simple filtering on users autocompleter

  • Loading branch information...
1 parent 88e4865 commit 1d7e9ef6c7d7c9b4ae6b0a1d096a6a05828128c4 @cdujeu cdujeu committed Sep 13, 2016
Showing with 5 additions and 1 deletion.
  1. +5 −1 core/src/plugins/core.conf/AbstractConfDriver.php
@@ -1144,7 +1144,8 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
if (method_exists($this, "listUserTeams")) {
$teams = $this->listUserTeams($ctx->getUser());
foreach ($teams as $tId => $tData) {
- $users.= "<li class='complete_group_entry' data-group='/AJXP_TEAM/$tId' data-label=\"[team] ".$tData["LABEL"]."\"><span class='user_entry_label'>[team] ".$tData["LABEL"]."</span></li>";
+ $label = htmlentities($tData["LABEL"]);
+ $users.= "<li class='complete_group_entry' data-group='/AJXP_TEAM/$tId' data-label=\"[team] ".$label."\"><span class='user_entry_label'>[team] ".$label."</span></li>";
}
}
print("<ul>$users</ul>");
@@ -1221,6 +1222,9 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
$users = "";
$index = 0;
+ if(!empty($crtValue)){
+ $crtValue = InputFilter::sanitize($crtValue, InputFilter::SANITIZE_HTML_STRICT);
+ }
if ($regexp != null && (!count($allUsers) || (!empty($crtValue) && !array_key_exists(strtolower($crtValue), $allUsers))) && ConfService::getContextConf($ctx, "USER_CREATE_USERS", "conf") && !$existingOnly) {
$users .= "<li class='complete_user_entry_temp' data-temporary='true' data-label='$crtValue'><span class='user_entry_label'>$crtValue (".$mess["448"].")</span></li>";
} else if ($existingOnly && !empty($crtValue)) {

0 comments on commit 1d7e9ef

Please sign in to comment.