Escaping group name.

diff --git a/useradmin/edit_user.cgi b/useradmin/edit_user.cgi
index 5aaf413..a85ed12 100755 (executable)
--- a/useradmin/edit_user.cgi
+++ b/useradmin/edit_user.cgi
@@ -452,7 +452,7 @@ if ($config{'secmode'} == 0) {
        foreach $g (@glist) {
                next if (!&can_use_group(\%access, $g->{'group'}) &&
                         !$ingroups{$g->{'group'}});
-               push(@canglist, [ $g->{'group'}, $g->{'group'} ]);
+               push(@canglist, [ $g->{'group'}, &html_escape($g->{'group'}) ]);
                }
        @ingroups = map { [ $_, $_ ] } sort { $a cmp $b }
                        grep { $ingroups{$_} } (keys %ingroups);