authorINOPIAE <inopiae@cacert.org>2015-08-09 18:11:52 +0200
committerBenny Baumann <BenBE@geshi.org>2015-08-09 22:49:23 +0200
commit269829b175dac7bf3f2128fbd5c55ba08f48d2d0 (patch)
treec0727b82566b439ff9c32b8386e0eecfe4959463
parent51d8dffac8e1c6a897ff513669bcc87928e17e79 (diff)
bug 932: added escaping with htmlspecialchars function for user name
-rw-r--r--manager/application/views/helpers/UserInfo.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/manager/application/views/helpers/UserInfo.php b/manager/application/views/helpers/UserInfo.php
index bf98f1b..b0f8703 100644
--- a/manager/application/views/helpers/UserInfo.php
+++ b/manager/application/views/helpers/UserInfo.php
@@ -82,7 +82,7 @@ class Zend_View_Helper_UserInfo extends Zend_View_Helper_Placeholder_Container_S
$output .= $indent . "<div id=\"userinfo\">\n";
$output .= $indent . "\tUser: " . $this->items['authed_username'] . "<br>\n";
- $output .= $indent . "\tName: " . $this->items['authed_fname'] . ' ' . $this->items['authed_lname'] . "<br>\n";
+ $output .= $indent . "\tName: " . htmlentities(strip_tags($this->items['authed_fname'] . ' ' . $this->items['authed_lname']), ENT_QUOTES, 'ISO-8859-1') . "<br>\n";
$output .= $indent . "\tRole: " . $this->items['authed_role'] . "<br>\n";
if ($this->items['authed_by_crt'] === true)
$output .= $indent . "\tLoginmethod: CRT<br>\n";
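Review bot: The `User:` and `Role:` lines directly above and below the changed line still concatenate `$this->items['authed_username']` and `$this->items['authed_role']` into the HTML unescaped, so the output-encoding fix covers only one of the three values rendered in this block; if either can carry user-influenced text it needs the same treatment, e.g. `htmlspecialchars($this->items['authed_username'], ENT_QUOTES, 'UTF-8')`. On the new line itself, `strip_tags()` is redundant once the value is entity-encoded and silently drops legitimate characters from a name, and the hard-coded `'ISO-8859-1'` will mis-encode non-ASCII names if the page is actually served as UTF-8 (the page charset is not visible here, so confirm it). The commit message says htmlspecialchars while the code calls `htmlentities`, so a short comment stating the intended output context and charset would remove the ambiguity. The enclosing method starts and ends outside this hunk.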