From d9e0d8dc6f6c9b9f18ce2e33041ae4fc23f77a4e Mon Sep 17 00:00:00 2001
From: Vadim Nevorotin
Date: Sun, 31 Oct 2010 14:25:01 +0100
Subject: Fix XSS vulnerability FS#2085
---
 inc/template.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc')
diff --git a/inc/template.php b/inc/template.php
index c2ce130ff..cb98c83d7 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -796,7 +796,7 @@ function tpl_userinfo(){
 global $lang;
 global $INFO;
 if(isset($_SERVER['REMOTE_USER'])){
- print $lang['loggedinas'].': '.$INFO['userinfo']['name'].' ('.$_SERVER['REMOTE_USER'].')';
+ print $lang['loggedinas'].': '.hsc($INFO['userinfo']['name']).' ('.hsc($_SERVER['REMOTE_USER']).')';
 return true;
 }
 return false;
--
cgit v1.2.3
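Review bot: The print line in tpl_userinfo() now wraps both values in hsc(), but nothing on it records why, so a later edit could drop the escaping again; a one-line comment above it such as `// full name and login are presumably user-influenced: always hsc() before output` would keep the intent visible. `$lang['loggedinas']` is still concatenated raw, which is fine only as long as language strings are treated as trusted markup; that is worth confirming for locally overridden language files. The same two values, `$INFO['userinfo']['name']` and `$_SERVER['REMOTE_USER']`, may be printed at other places in inc/template.php; this cannot be checked from the hunk, so the other output sites should be audited alongside this fix. The function's opening line appears only in the hunk header and its closing brace lies outside the hunk.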