diff options
| author | cash <cash.costello@gmail.com> | 2013-03-12 13:09:51 -0400 |
|---|---|---|
| committer | cash <cash.costello@gmail.com> | 2013-03-12 13:09:51 -0400 |
| commit | a313f38890eec3b870c94476a79afce7d606c222 (patch) | |
| tree | 6aeda09a735bdcb4482c193f9e54d9d26fd386bc | |
| parent | c33f667ac5bcd531d274c891a1c5e14f7505d5f6 (diff) | |
| download | elgg-a313f38890eec3b870c94476a79afce7d606c222.tar.gz elgg-a313f38890eec3b870c94476a79afce7d606c222.tar.bz2 | |
Refs #4953 sanitize group name when updating collection name
| -rw-r--r-- | mod/groups/actions/groups/edit.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php index f04ef60db..f19b90566 100644 --- a/mod/groups/actions/groups/edit.php +++ b/mod/groups/actions/groups/edit.php @@ -56,7 +56,8 @@ if (sizeof($input) > 0) { foreach($input as $shortname => $value) { // update access collection name if group name changes if (!$is_new_group && $shortname == 'name' && $value != $group->name) { - $ac_name = elgg_echo('groups:group') . ": " . $value; + $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8'); + $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name); $acl = get_access_collection($group->group_acl); if ($acl) { // @todo Elgg api does not support updating access collection name |