http://www.atutor.ca/atutor/mantis/view.php?id=2858

author joel kronenberg <joel.kronenberg@utoronto.ca>

Wed, 29 Nov 2006 15:41:14 +0000 (15:41 -0000)

committer joel kronenberg <joel.kronenberg@utoronto.ca>

Wed, 29 Nov 2006 15:41:14 +0000 (15:41 -0000)
author joel kronenberg <joel.kronenberg@utoronto.ca>
Wed, 29 Nov 2006 15:41:14 +0000 (15:41 -0000)
committer joel kronenberg <joel.kronenberg@utoronto.ca>
Wed, 29 Nov 2006 15:41:14 +0000 (15:41 -0000)
diff --git a/docs/tools/groups/edit_group.php b/docs/tools/groups/edit_group.php

index 3a70e9e..38a622d 100644 (file)
--- a/docs/tools/groups/edit_group.php
+++ b/docs/tools/groups/edit_group.php
@@ -104,12 +104,12 @@ $row['modules'] = explode('|', $row['modules']);
  \r
         <div class="row">\r
                 <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="title"><?php echo _AT('title'); ?></label><br />\r
-               <input type="text" name="title" id="title" value="<?php echo $row['title']; ?>" size="20" maxlength="40" />\r
+               <input type="text" name="title" id="title" value="<?php echo htmlspecialchars($row['title']); ?>" size="20" maxlength="40" />\r
         </div>\r
  \r
         <div class="row">\r
                 <label for="description"><?php echo _AT('description'); ?>:</label><br />\r
-               <textarea name="description" id="description" cols="10" rows="2"><?php echo $row['description']; ?></textarea>\r
+               <textarea name="description" id="description" cols="10" rows="2"><?php echo htmlspecialchars($row['description']); ?></textarea>\r
         </div>\r
  \r
         <div class="row">\r
author	joel kronenberg <joel.kronenberg@utoronto.ca>
	Wed, 29 Nov 2006 15:41:14 +0000 (15:41 -0000)
committer	joel kronenberg <joel.kronenberg@utoronto.ca>
	Wed, 29 Nov 2006 15:41:14 +0000 (15:41 -0000)