fix: added missing conversion to HTML entities
thorsten committed Dec 19, 2022
1 parent 53099a9 commit 810ee26
Showing 4 changed files with 6 additions and 4 deletions.
3 changes: 2 additions & 1 deletion phpmyfaq/admin/ajax.user.php
Expand Up @@ -22,6 +22,7 @@
use phpMyFAQ\Helper\HttpHelper;
use phpMyFAQ\Helper\MailHelper;
use phpMyFAQ\Permission;
use phpMyFAQ\Strings;
use phpMyFAQ\User;

if (!defined('IS_VALID_PHPMYFAQ')) {
Expand Down Expand Up @@ -63,7 +64,7 @@
$userdata = [];
$userdata = $user->userdata->get('*');
$userdata['status'] = $user->getStatus();
$userdata['login'] = $user->getLogin();
$userdata['login'] = Strings::htmlentities($user->getLogin());
$userdata['is_superadmin'] = $user->isSuperAdmin();
$http->sendJsonWithHeaders($userdata);
break;
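Review bot: Only `login` is entity-encoded before `sendJsonWithHeaders`, while `$userdata` is filled from `$user->userdata->get('*')` two lines earlier, so any other user-supplied string in that array (display name, e-mail, whatever `get('*')` returns — not visible here) leaves the endpoint raw and the protection is inconsistent for whatever the client renders. HTML-encoding inside a JSON payload also ties this endpoint to one output context: a consumer that writes the value into a text node or an input's value will show `&amp;` literally. Either escape at the rendering side in the consuming script, or apply the encoding to every string value uniformly, e.g. `$userdata = array_map(static fn ($v) => is_string($v) ? Strings::htmlentities($v) : $v, $userdata);` before adding `status`/`login`/`is_superadmin` (assuming `get('*')` returns a flat array — confirm). The `$userdata = [];` on the hunk's first line is dead, since the next statement reassigns it; the enclosing switch case starts before the hunk.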
2 changes: 1 addition & 1 deletion phpmyfaq/ajaxservice.php
Expand Up @@ -758,7 +758,7 @@
}

$userId = Filter::filterInput(INPUT_POST, 'userid', FILTER_VALIDATE_INT);
$userName = Filter::filterInput(INPUT_POST, 'name', FILTER_UNSAFE_RAW);
$userName = Filter::filterInput(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
$email = Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$isVisible = Filter::filterInput(INPUT_POST, 'is_visible', FILTER_UNSAFE_RAW);
$password = Filter::filterInput(INPUT_POST, 'password', FILTER_UNSAFE_RAW);
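Review bot: Switching the `name` filter to FILTER_SANITIZE_SPECIAL_CHARS encodes `<`, `>`, `&` and both quote characters into entities at input time, while the same commit adds `Strings::htmlentities()` on `display_name` at output in index.php and ucp.php; if `$userName` is persisted as returned here (storage is outside the hunk) and `Strings::htmlentities` does not pass `double_encode: false`, a name like `O'Brien & Co` is stored as `O&#39;Brien &#38; Co` and rendered as `O&amp;#39;Brien &amp;#38; Co`. Escape in exactly one layer: since the output sites now encode, the input side only needs validation (non-empty, length bound), so keeping the raw value and checking it explicitly, e.g. `$userName = Filter::filterInput(INPUT_POST, 'name', FILTER_UNSAFE_RAW);` followed by a length/emptiness check, keeps the stored value faithful. Note `password` correctly stays FILTER_UNSAFE_RAW — a sanitising filter there would silently alter credentials. The enclosing handler starts before the hunk.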
2 changes: 1 addition & 1 deletion phpmyfaq/index.php
Expand Up @@ -565,7 +565,7 @@
$PMF_LANG['msgRegistration'] . '</a>' : '',
'sendPassword' => '<a href="?action=password">' . $PMF_LANG['lostPassword'] . '</a>',
'msgFullName' => $PMF_LANG['ad_user_loggedin'] . $user->getLogin(),
'msgLoginName' => $user->getUserData('display_name'),
'msgLoginName' => Strings::htmlentities($user->getUserData('display_name')),
'loginHeader' => $PMF_LANG['msgLoginUser'],
'loginMessage' => $loginMessage,
'writeLoginPath' => Strings::htmlentities($faqSystem->getSystemUri($faqConfig)) . '?' . Filter::getFilteredQueryString(),
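Review bot: `msgFullName` on the line directly above the fix still concatenates `$user->getLogin()` into the template array unescaped, even though ajax.user.php in this same commit treats the login as needing `Strings::htmlentities()`; the same gap exists in ucp.php's hunk, where `'email' => $user->getUserData('email')` sits next to the newly escaped `realname`. Unless the template layer auto-escapes or the login is restricted to a safe character set at registration (neither is visible here), change the line to `'msgFullName' => $PMF_LANG['ad_user_loggedin'] . Strings::htmlentities($user->getLogin()),` and in ucp.php to `'email' => Strings::htmlentities($user->getUserData('email')),`. FILTER_VALIDATE_EMAIL, used on the input side in ajaxservice.php, accepts apostrophes in the local part (`o'brien@example.com`), so input validation alone is not an output escape. The enclosing array literal starts and ends outside the hunk.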
3 changes: 2 additions & 1 deletion phpmyfaq/ucp.php
Expand Up @@ -16,6 +16,7 @@
*/

use phpMyFAQ\Services\Gravatar;
use phpMyFAQ\Strings;

if (!defined('IS_VALID_PHPMYFAQ')) {
http_response_code(400);
Expand Down Expand Up @@ -51,7 +52,7 @@
'csrf' => $user->getCsrfTokenFromSession(),
'readonly' => $faqConfig->isLdapActive() ? 'readonly' : '',
'msgRealName' => $PMF_LANG['ad_user_name'],
'realname' => $user->getUserData('display_name'),
'realname' => Strings::htmlentities($user->getUserData('display_name')),
'msgEmail' => $PMF_LANG['msgNewContentMail'],
'email' => $user->getUserData('email'),
'msgIsVisible' => $PMF_LANG['ad_user_data_is_visible'],
