4 files changed +6
-4
lines changed Original file line number Diff line number Diff line change 2222use phpMyFAQ \Helper \HttpHelper ;
2323use phpMyFAQ \Helper \MailHelper ;
2424use phpMyFAQ \Permission ;
25+ use phpMyFAQ \Strings ;
2526use phpMyFAQ \User ;
2627
2728if (!defined ('IS_VALID_PHPMYFAQ ' )) {
6364 $ userdata = [];
6465 $ userdata = $ user ->userdata ->get ('* ' );
6566 $ userdata ['status ' ] = $ user ->getStatus ();
66- $ userdata ['login ' ] = $ user ->getLogin ();
67+ $ userdata ['login ' ] = Strings:: htmlentities ( $ user ->getLogin () );
6768 $ userdata ['is_superadmin ' ] = $ user ->isSuperAdmin ();
6869 $ http ->sendJsonWithHeaders ($ userdata );
6970 break ;
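Review bot: Entity-encoding only `login` on line 67 while the rest of `$userdata` from `$user->userdata->get('*')` (line 65) goes out raw leaves the JSON response half-escaped: a client that inserts these fields with innerHTML is still exposed through display_name, email or any other column, and a client that uses textContent will now render `&amp;` for a login that contains `&`. HTML escaping belongs at the rendering site, not inside a JSON API; if the consuming script cannot be changed, at least encode every string in the array consistently, e.g. `$userdata = array_map(static fn ($v) => is_string($v) ? Strings::htmlentities($v) : $v, $userdata);` placed after the `status`/`login` assignments. The consuming JavaScript is not visible here, so which fields it treats as HTML is inferred. The enclosing switch case starts outside the hunk.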
Original file line number Diff line number Diff line change 758758 }
759759
760760 $ userId = Filter::filterInput (INPUT_POST , 'userid ' , FILTER_VALIDATE_INT );
761- $ userName = Filter::filterInput (INPUT_POST , 'name ' , FILTER_UNSAFE_RAW );
761+ $ userName = Filter::filterInput (INPUT_POST , 'name ' , FILTER_SANITIZE_SPECIAL_CHARS );
762762 $ email = Filter::filterInput (INPUT_POST , 'email ' , FILTER_VALIDATE_EMAIL );
763763 $ isVisible = Filter::filterInput (INPUT_POST , 'is_visible ' , FILTER_UNSAFE_RAW );
764764 $ password = Filter::filterInput (INPUT_POST , 'password ' , FILTER_UNSAFE_RAW );
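Review bot: Sanitizing `name` with `FILTER_SANITIZE_SPECIAL_CHARS` on line 761 persists HTML entities instead of the user's actual name, so `O'Brien` is stored as `O&#39;Brien`, is double-encoded wherever the display path already calls `Strings::htmlentities()` on `display_name`, and shows up as entity text in any non-HTML consumer such as mail. Input should be validated rather than HTML-encoded: keep `FILTER_UNSAFE_RAW`, then enforce a length limit and reject control characters, and leave escaping to the output site. `is_visible` on line 763 is still read with `FILTER_UNSAFE_RAW` although it is presumably a boolean flag; `FILTER_VALIDATE_BOOLEAN` would be the matching check. The enclosing function starts and ends outside the hunk.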
Original file line number Diff line number Diff line change 565565 $ PMF_LANG ['msgRegistration ' ] . '</a> ' : '' ,
566566 'sendPassword ' => '<a href="?action=password"> ' . $ PMF_LANG ['lostPassword ' ] . '</a> ' ,
567567 'msgFullName ' => $ PMF_LANG ['ad_user_loggedin ' ] . $ user ->getLogin (),
568- 'msgLoginName ' => $ user ->getUserData ('display_name ' ),
568+ 'msgLoginName ' => Strings:: htmlentities ( $ user ->getUserData ('display_name ' ) ),
569569 'loginHeader ' => $ PMF_LANG ['msgLoginUser ' ],
570570 'loginMessage ' => $ loginMessage ,
571571 'writeLoginPath ' => Strings::htmlentities ($ faqSystem ->getSystemUri ($ faqConfig )) . '? ' . Filter::getFilteredQueryString (),
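Review bot: `msgFullName` on line 567 still concatenates `$user->getLogin()` into the template data unescaped while `msgLoginName` on the next line is now entity-encoded, so the same user-controlled value reaches the same template both raw and escaped. Unless the template engine escapes these values itself — which the explicit `Strings::htmlentities()` on `writeLoginPath` (line 571) suggests it does not — the login should get the same treatment: `'msgFullName' => $PMF_LANG['ad_user_loggedin'] . Strings::htmlentities($user->getLogin()),`. The surrounding array literal begins and ends outside the hunk.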
Original file line number Diff line number Diff line change 1616 */
1717
1818use phpMyFAQ \Services \Gravatar ;
19+ use phpMyFAQ \Strings ;
1920
2021if (!defined ('IS_VALID_PHPMYFAQ ' )) {
2122 http_response_code (400 );
5152 'csrf ' => $ user ->getCsrfTokenFromSession (),
5253 'readonly ' => $ faqConfig ->isLdapActive () ? 'readonly ' : '' ,
5354 'msgRealName ' => $ PMF_LANG ['ad_user_name ' ],
54- 'realname ' => $ user ->getUserData ('display_name ' ),
55+ 'realname ' => Strings:: htmlentities ( $ user ->getUserData ('display_name ' ) ),
5556 'msgEmail ' => $ PMF_LANG ['msgNewContentMail ' ],
5657 'email ' => $ user ->getUserData ('email ' ),
5758 'msgIsVisible ' => $ PMF_LANG ['ad_user_data_is_visible ' ],
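Review bot: `email` on line 57 is still passed to the template raw while `realname` directly above it is now entity-encoded. The user-edit path on this page validates email with `FILTER_VALIDATE_EMAIL`, but this view also serves LDAP users (the `isLdapActive()` check on line 53), and whether every path that writes the email column validates it is not visible here; since the value presumably lands in a form field, escaping it uniformly is the safer default: `'email' => Strings::htmlentities($user->getUserData('email')),`. The surrounding array literal begins and ends outside the hunk.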