author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-10 18:34:14 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-10 18:34:14 +0000 |
commit | 5788ca8fea363eb5b5298a46b7f087ff3bec953d (patch) | |
tree | 981336b31718e07654e106c215d23be7acbde918 /mod/profile | |
parent | 32ff3c6ef94119299a51e77ca97193a46e9c224b (diff) | |
download | elgg-5788ca8fea363eb5b5298a46b7f087ff3bec953d.tar.gz elgg-5788ca8fea363eb5b5298a46b7f087ff3bec953d.tar.bz2 |
XSS filtering on output
git-svn-id: https://code.elgg.org/elgg/trunk@2710 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/profile')
-rw-r--r-- | mod/profile/views/default/profile/userdetails.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/mod/profile/views/default/profile/userdetails.php b/mod/profile/views/default/profile/userdetails.php
index f22301aef..58baa66e3 100644
--- a/mod/profile/views/default/profile/userdetails.php
+++ b/mod/profile/views/default/profile/userdetails.php
@@ -101,8 +101,8 @@ $even_odd = ( 'odd' != $even_odd ) ? 'odd' : 'even';
- echo "<p class=\"{$even_odd}\">";
?>
+ <p class="<?php echo $even_odd; ?>">
<b><?php
echo elgg_echo("profile:{$shortname}");
@@ -133,7 +133,7 @@ <td colspan="2">
<div id="profile_info_column_right">
<p class="profile_aboutme_title"><b><?php echo elgg_echo("profile:aboutme"); ?></b></p>
- <?php echo autop($vars['entity']->description); ?>
+ <?php echo autop(filter_tags($vars['entity']->description)); ?>
<?php if ($vars['entity']->isBanned()) { ?>
<div id="profile_banned">
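Review bot: The new `autop(filter_tags($vars['entity']->description))` line is only as strong as `filter_tags()`, whose definition is not part of this hunk. If it delegates to an optional input-filter plugin (which I believe it does in Elgg, so please confirm), a site running without that plugin would still echo the user-supplied description unfiltered. I would record the dependency next to the call, e.g. `<?php // description is user-supplied HTML; filter_tags() only filters if an input filter is registered ?>`, and check what is returned when no filter is registered. This view continues outside the hunk, so the per-field values printed in the loop around the first hunk and any other view that prints `description` are not visible here and may need the same filtering.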