diff options
| author | Steve Clay <steve@mrclay.org> | 2013-02-04 21:03:03 -0500 |
|---|---|---|
| committer | cash <cash.costello@gmail.com> | 2013-02-09 09:38:08 -0500 |
| commit | 17d6bd620d5b4712ca01f5318170384804004a9e (patch) | |
| tree | 6dd5d9316521f2716c68402fbbd2b724fe025960 /engine/lib/users.php | |
| parent | 54e9ea8423085ac50f0955480b1671295e851eef (diff) | |
| download | elgg-17d6bd620d5b4712ca01f5318170384804004a9e.tar.gz elgg-17d6bd620d5b4712ca01f5318170384804004a9e.tar.bz2 | |
Normalized escaping, escape $user->location just in case
Diffstat (limited to 'engine/lib/users.php')
| -rw-r--r-- | engine/lib/users.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php index 19f4e434d..4a585c07f 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -835,7 +835,7 @@ function validate_username($username) { for ($n = 0; $n < strlen($blacklist2); $n++) { if (strpos($username, $blacklist2[$n]) !== false) { $msg = elgg_echo('registration:invalidchars', array($blacklist2[$n], $blacklist2)); - $msg = htmlentities($msg, ENT_COMPAT, 'UTF-8'); + $msg = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'); throw new RegistrationException($msg); } } @@ -1331,9 +1331,10 @@ function elgg_users_setup_entity_menu($hook, $type, $return, $params) { } else { $return = array(); if (isset($entity->location)) { + $location = htmlspecialchars($entity->location, ENT_QUOTES, 'UTF-8', false); $options = array( 'name' => 'location', - 'text' => "<span>$entity->location</span>", + 'text' => "<span>$location</span>", 'href' => false, 'priority' => 150, ); |