[ros-diffs] [cfinck] 36553: Escape characters for people using <, >, & or " in their full name
cfinck at svn.reactos.org
cfinck at svn.reactos.org
Sat Sep 27 20:42:54 CEST 2008
Author: cfinck
Date: Sat Sep 27 13:42:53 2008
New Revision: 36553
URL: http://svn.reactos.org/svn/reactos?rev=36553&view=rev
Log:
Escape characters for people using <, >, & or " in their full name
Modified:
trunk/web/reactos.org/htdocs/peoplemap/ajax-getuser.php
Modified: trunk/web/reactos.org/htdocs/peoplemap/ajax-getuser.php
URL: http://svn.reactos.org/svn/reactos/trunk/web/reactos.org/htdocs/peoplemap/ajax-getuser.php?rev=36553&r1=36552&r2=36553&view=diff
==============================================================================
--- trunk/web/reactos.org/htdocs/peoplemap/ajax-getuser.php [iso-8859-1] (original)
+++ trunk/web/reactos.org/htdocs/peoplemap/ajax-getuser.php [iso-8859-1] Sat Sep 27 13:42:53 2008
@@ -75,7 +75,7 @@
echo "<user>";
printf("<id>%u</id>", $row[0]);
printf("<username>%s</username>", $row[1]);
- printf("<fullname>%s</fullname>", $row[2]);
+ printf("<fullname>%s</fullname>", htmlspecialchars($row[2]));
printf("<latitude>%s</latitude>", $row[3]);
printf("<longitude>%s</longitude>", $row[4]);
echo "</user>";
More information about the Ros-diffs
mailing list