author | Vadim Nevorotin <malamut@ubuntu.ru> | 2010-10-31 14:25:01 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2010-10-31 14:25:01 +0100 |
commit | d9e0d8dc6f6c9b9f18ce2e33041ae4fc23f77a4e (patch) | |
tree | 5920614928e63bc11fbe07ba9bc7f4ad5748a442 /inc/template.php | |
parent | 41c27d5a7c577979cacd974b3763904192487637 (diff) | |
Fix XSS vulnerability FS#2085
Diffstat (limited to 'inc/template.php')
-rw-r--r-- | inc/template.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/template.php b/inc/template.php
index c2ce130ff..cb98c83d7 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -796,7 +796,7 @@ function tpl_userinfo(){
 global $lang;
 global $INFO;
 if(isset($_SERVER['REMOTE_USER'])){
- print $lang['loggedinas'].': '.$INFO['userinfo']['name'].' ('.$_SERVER['REMOTE_USER'].')';
+ print $lang['loggedinas'].': '.hsc($INFO['userinfo']['name']).' ('.hsc($_SERVER['REMOTE_USER']).')';
 return true;
 }
 return false; |
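Review bot: The rewritten `print` line in tpl_userinfo() has no comment explaining why both values are escaped, so a later edit could drop an `hsc()` call and silently bring back the XSS tracked as FS#2085; I would add `// full name and login are user-controlled: escape for HTML output` directly above it. `$lang['loggedinas']` is still printed raw, which is safe only if language strings are treated as trusted HTML; that is presumably the case but worth confirming. The commit also adds no regression test, and a check that a full name containing markup is rendered entity-encoded would pin the fix. The function's closing brace lies outside the hunk.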