From 269829b175dac7bf3f2128fbd5c55ba08f48d2d0 Mon Sep 17 00:00:00 2001
From: INOPIAE
Date: Sun, 9 Aug 2015 18:11:52 +0200
Subject: [PATCH] bug 932: added escaping with htmlspecialchars function for user name
---
 manager/application/views/helpers/UserInfo.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manager/application/views/helpers/UserInfo.php b/manager/application/views/helpers/UserInfo.php
index bf98f1b..b0f8703 100644
--- a/manager/application/views/helpers/UserInfo.php
+++ b/manager/application/views/helpers/UserInfo.php
@@ -82,7 +82,7 @@ class Zend_View_Helper_UserInfo extends Zend_View_Helper_Placeholder_Container_S
 $output .= $indent . "
\n";
 $output .= $indent . "\tUser: " . $this->items['authed_username'] . "
\n";
- $output .= $indent . "\tName: " . $this->items['authed_fname'] . ' ' . $this->items['authed_lname'] . "
\n";
+ $output .= $indent . "\tName: " . htmlentities(strip_tags($this->items['authed_fname'] . ' ' . $this->items['authed_lname']), ENT_QUOTES, 'ISO-8859-1') . "
\n";
 $output .= $indent . "\tRole: " . $this->items['authed_role'] . "
\n";
 if ($this->items['authed_by_crt'] === true) $output .= $indent . "\tLoginmethod: CRT
\n";