authorSteve Clay <steve@mrclay.org>2013-02-04 21:03:03 -0500
committercash <cash.costello@gmail.com>2013-02-09 09:38:08 -0500
commit17d6bd620d5b4712ca01f5318170384804004a9e (patch)
tree6dd5d9316521f2716c68402fbbd2b724fe025960 /engine/lib/users.php
parent54e9ea8423085ac50f0955480b1671295e851eef (diff)
Normalized escaping, escape $user->location just in case
Diffstat (limited to 'engine/lib/users.php')
-rw-r--r--engine/lib/users.php5
1 files changed, 3 insertions, 2 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 19f4e434d..4a585c07f 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -835,7 +835,7 @@ function validate_username($username) {
for ($n = 0; $n < strlen($blacklist2); $n++) {
if (strpos($username, $blacklist2[$n]) !== false) {
$msg = elgg_echo('registration:invalidchars', array($blacklist2[$n], $blacklist2));
- $msg = htmlentities($msg, ENT_COMPAT, 'UTF-8');
+ $msg = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
throw new RegistrationException($msg);
}
}
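Review bot: The message is HTML-encoded on the added `htmlspecialchars` line before it is handed to `RegistrationException`, so the exception carries escaped text instead of the raw message. Any handler that escapes again on output, or that writes the message to a non-HTML sink such as a log or an API response, would show entities like `&#039;` now that `ENT_QUOTES` is used; the handlers are not visible in this hunk, so this is inferred. A comment above the call would make the contract explicit, for example `// Message is HTML-escaped here; display code must not escape it again.` The body of validate_username starts and ends outside the hunk.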
@@ -1331,9 +1331,10 @@ function elgg_users_setup_entity_menu($hook, $type, $return, $params) {
} else {
$return = array();
if (isset($entity->location)) {
+ $location = htmlspecialchars($entity->location, ENT_QUOTES, 'UTF-8', false);
$options = array(
'name' => 'location',
- 'text' => "<span>$entity->location</span>",
+ 'text' => "<span>$location</span>",
'href' => false,
'priority' => 150,
);
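Review bot: The fourth argument `false` on the added `htmlspecialchars` line turns off double encoding, which differs from the call in validate_username and is not explained. Entities already present in `$entity->location` pass through unchanged; that cannot produce markup, but a value stored raw and one stored pre-encoded then render identically. If this is intended because the value may already be encoded on input, say so in a comment such as `// double_encode off: location may already contain entities from input filtering`. The `isset()` guard also does not establish that the value is a string, so if the field can hold several values an `is_string()` check before escaping would be needed; how the field is stored is not visible here. elgg_users_setup_entity_menu continues outside the hunk.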