Escaping username and group names.

author Javier Bassi <profetasdelmetal@gmail.com>

Wed, 19 Oct 2011 01:47:38 +0000 (23:47 -0200)

committer Javier Bassi <profetasdelmetal@gmail.com>

Wed, 19 Oct 2011 01:47:38 +0000 (23:47 -0200)
author Javier Bassi <profetasdelmetal@gmail.com>
Wed, 19 Oct 2011 01:47:38 +0000 (23:47 -0200)
committer Javier Bassi <profetasdelmetal@gmail.com>
Wed, 19 Oct 2011 01:47:38 +0000 (23:47 -0200)
diff --git a/useradmin/my_group_chooser.cgi b/useradmin/my_group_chooser.cgi

index f1c8108..509e216 100755 (executable)
--- a/useradmin/my_group_chooser.cgi
+++ b/useradmin/my_group_chooser.cgi
@@ -142,8 +142,8 @@ else {
         foreach $u (&get_groups_list()) {
                 if ($in{'group'} eq $u->[0]) { print "<tr $cb>\n"; }
                 else { print "<tr>\n"; }
-               print "<td width=20%><a href=\"\" onClick='return select(\"$u->[0]\")'>$u->[0]</a></td>\n";
-               print "<td>$u->[3]</td> </tr>\n";
+               print "<td width=20%><a href=\"\" onClick='return select(\"$u->[0]\")'>".&html_escape($u->[0])."</a></td>\n";
+               print "<td>".&html_escape($u->[3])."</td> </tr>\n";
                 }
         print "</table>\n";
         &popup_footer();
author	Javier Bassi <profetasdelmetal@gmail.com>
	Wed, 19 Oct 2011 01:47:38 +0000 (23:47 -0200)
committer	Javier Bassi <profetasdelmetal@gmail.com>
	Wed, 19 Oct 2011 01:47:38 +0000 (23:47 -0200)