From a313f38890eec3b870c94476a79afce7d606c222 Mon Sep 17 00:00:00 2001
From: cash
Date: Tue, 12 Mar 2013 13:09:51 -0400
Subject: Refs #4953 sanitize group name when updating collection name
---
 mod/groups/actions/groups/edit.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index f04ef60db..f19b90566 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -56,7 +56,8 @@ if (sizeof($input) > 0) {
 foreach($input as $shortname => $value) {
 // update access collection name if group name changes
 if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
- $ac_name = elgg_echo('groups:group') . ": " . $value;
+ $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
+ $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
 $acl = get_access_collection($group->group_acl);
 if ($acl) {
 // @todo Elgg api does not support updating access collection name
-- cgit v1.2.3
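Review bot: `$ac_name` now holds a value already passed through `sanitize_string()`, but neither its name nor a comment says so, and the statement that consumes it lies below the `@todo` line, outside this hunk. If that code also uses `$ac_name` outside the SQL string (for example by assigning it to `$acl`), the escape characters would leak into that value, and a later edit could easily add a second escape or drop this one. I would keep the plain name here, `$ac_name = elgg_echo('groups:group') . ": " . $group_name;`, and call `sanitize_string($ac_name)` inside the query expression where it is used. Separately, `html_entity_decode()` puts raw quotes and angle brackets back into the collection name, so any view that prints access collection names has to HTML-escape on output; a one-line comment on the decode saying why it is needed would help the next reader.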