Fix possible XSS attack due to user's real name not being escaped

webmin · Apr 24, 2011 · 46e3d3a · 46e3d3a
1 parent ae541df
commit 46e3d3a
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/useradmin/user-lib.pl b/useradmin/user-lib.pl
@@ -2316,11 +2316,11 @@ sub users_table
 	push(@cols, "") if ($anyedit && $u->{'noedit'});
 	push(@cols, &user_link($u));
 	push(@cols, $u->{'uid'});
-	push(@cols, $gidgrp{$u->{'gid'}}||$u->{'gid'});
-	push(@cols, $u->{'real'});
-	push(@cols, $u->{'home'});
-	push(@cols, $u->{'shell'});
-	push(@cols, $llogin{$u->{'user'}}) if ($lshow);
+	push(@cols, $gidgrp{$u->{'gid'}} || $u->{'gid'});
+	push(@cols, &html_escape($u->{'real'}));
+	push(@cols, &html_escape($u->{'home'}));
+	push(@cols, &html_escape($u->{'shell'}));
+	push(@cols, &html_escape($llogin{$u->{'user'}})) if ($lshow);
 	if ($u->{'noedit'}) {
 		print &ui_columns_row(\@cols, \@tds);
 		}
@@ -2387,7 +2387,7 @@ sub groups_table
 	push(@cols, &group_link($g));
 	push(@cols, $g->{'gid'});
 	if ($anydesc) {
-		push(@cols, $g->{'desc'});
+		push(@cols, &html_escape($g->{'desc'}));
 		}
 	push(@cols, &html_escape($members));
 	if ($g->{'noedit'} || !$access{'gdelete'}) {