author | Steve Clay <steve@mrclay.org> | 2013-01-17 11:05:16 -0500 |
---|---|---|
committer | Steve Clay <steve@mrclay.org> | 2013-01-17 11:23:28 -0500 |
commit | 2d365ba900e40494abeb306e3a881c91e2099ba6 (patch) | |
tree | 0764f23d77753a7404fbbbad4b4f78ac1abf425a /actions/friends/collections/add.php | |
parent | 3bbd27a2ed8281983e7af10fc9c5b326723c59a3 (diff) | |
download | elgg-2d365ba900e40494abeb306e3a881c91e2099ba6.tar.gz elgg-2d365ba900e40494abeb306e3a881c91e2099ba6.tar.bz2 |
Allow friend collection names to store arbitrary plain text
Diffstat (limited to 'actions/friends/collections/add.php')
-rw-r--r-- | actions/friends/collections/add.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 9dc17b37e..e63a149f7 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -6,7 +6,7 @@
  * @subpackage Friends.Collections
  */
 
-$collection_name = get_input('collection_name');
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
 $friends = get_input('friends_collection');
 
 if (!$collection_name) { |
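Review bot: The new `$collection_name` line switches off `get_input()` filtering (third argument `false`) and makes `htmlspecialchars()` at input time the only protection, so the stored name is HTML-escaped text rather than raw text, and every consumer has to know that. A view that escapes it again will display `&amp;` sequences. Any path that decodes the name, or writes a collection name without this encoding (an edit action or an API call, if they exist; the diffstat here is limited to one file), would put markup back into HTML output. I would record the contract next to the call, e.g. `// Name is stored HTML-escaped (ENT_QUOTES, UTF-8): print as-is in HTML, never decode or re-escape`, and confirm that the other writers of collection names apply the same encoding. The script continues past the end of the hunk, so how `$collection_name` is stored is not visible here.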