diff options
author | cash <cash.costello@gmail.com> | 2013-03-12 13:09:51 -0400 |
---|---|---|
committer | cash <cash.costello@gmail.com> | 2013-03-12 13:09:51 -0400 |
commit | a313f38890eec3b870c94476a79afce7d606c222 (patch) | |
tree | 6aeda09a735bdcb4482c193f9e54d9d26fd386bc | |
parent | c33f667ac5bcd531d274c891a1c5e14f7505d5f6 (diff) | |
download | elgg-a313f38890eec3b870c94476a79afce7d606c222.tar.gz elgg-a313f38890eec3b870c94476a79afce7d606c222.tar.bz2 |
Refs #4953 sanitize group name when updating collection name
-rw-r--r-- | mod/groups/actions/groups/edit.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php index f04ef60db..f19b90566 100644 --- a/mod/groups/actions/groups/edit.php +++ b/mod/groups/actions/groups/edit.php @@ -56,7 +56,8 @@ if (sizeof($input) > 0) { foreach($input as $shortname => $value) { // update access collection name if group name changes if (!$is_new_group && $shortname == 'name' && $value != $group->name) { - $ac_name = elgg_echo('groups:group') . ": " . $value; + $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8'); + $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name); $acl = get_access_collection($group->group_acl); if ($acl) { // @todo Elgg api does not support updating access collection name |