@@ -2316,11 +2316,11 @@ sub users_table
23162316 push (@cols , " " ) if ($anyedit && $u -> {' noedit' });
23172317 push (@cols , &user_link($u ));
23182318 push (@cols , $u -> {' uid' });
2319- push (@cols , $gidgrp {$u -> {' gid' }}|| $u -> {' gid' });
2320- push (@cols , $u -> {' real' });
2321- push (@cols , $u -> {' home' });
2322- push (@cols , $u -> {' shell' });
2323- push (@cols , $llogin {$u -> {' user' }}) if ($lshow );
2319+ push (@cols , $gidgrp {$u -> {' gid' }} || $u -> {' gid' });
2320+ push (@cols , &html_escape( $u -> {' real' }) );
2321+ push (@cols , &html_escape( $u -> {' home' }) );
2322+ push (@cols , &html_escape( $u -> {' shell' }) );
2323+ push (@cols , &html_escape( $llogin {$u -> {' user' }}) ) if ($lshow );
23242324 if ($u -> {' noedit' }) {
23252325 print &ui_columns_row(\@cols , \@tds );
23262326 }
@@ -2387,7 +2387,7 @@ sub groups_table
23872387 push (@cols , &group_link($g ));
23882388 push (@cols , $g -> {' gid' });
23892389 if ($anydesc ) {
2390- push (@cols , $g -> {' desc' });
2390+ push (@cols , &html_escape( $g -> {' desc' }) );
23912391 }
23922392 push (@cols , &html_escape($members ));
23932393 if ($g -> {' noedit' } || !$access {' gdelete' }) {
0 commit comments