From 2d365ba900e40494abeb306e3a881c91e2099ba6 Mon Sep 17 00:00:00 2001
From: Steve Clay
Date: Thu, 17 Jan 2013 11:05:16 -0500
Subject: Allow friend collection names to store arbitrary plain text
---
 actions/friends/collections/add.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'actions/friends/collections/add.php')
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 9dc17b37e..e63a149f7 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -6,7 +6,7 @@
 * @subpackage Friends.Collections
 */
-$collection_name = get_input('collection_name');
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
 $friends = get_input('friends_collection');
 if (!$collection_name) {
-- 
cgit v1.2.3
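Review bot: The new assignment to `$collection_name` passes `false` as the third argument of `get_input()`, which appears to switch off the framework's input filtering, so the `htmlspecialchars()` call on this line becomes the only protection for every page that later prints the name. The stored name is therefore HTML-encoded text: output code has to print it unchanged in HTML contexts and never decode it, and any other action that writes collection names (not visible here) needs the same encoding, which is worth recording in a comment such as `// Stored HTML-encoded; the input filter is bypassed here, so never decode before output`. A request can also send `collection_name[]`, in which case `get_input()` may hand back an array; a guard like `$raw = get_input('collection_name', '', false);` followed by `$collection_name = is_string($raw) ? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') : '';` keeps that case on the existing empty-name path without a PHP warning. The `if (!$collection_name) {` block continues outside the hunk.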