From 72892ed140d2bf8e60b8a17ca8ec39bd92e59ee5 Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Fri, 17 Jul 2009 12:40:26 +0000
Subject: Closes #1131: htmlentities in view around user text

git-svn-id: https://code.elgg.org/elgg/trunk@3408 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/groups/views/default/object/groupforumtopic.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'mod/groups/views/default/object/groupforumtopic.php')

diff --git a/mod/groups/views/default/object/groupforumtopic.php b/mod/groups/views/default/object/groupforumtopic.php
index a6d214fcf..a35aa3f87 100644
--- a/mod/groups/views/default/object/groupforumtopic.php
+++ b/mod/groups/views/default/object/groupforumtopic.php
@@ -11,7 +11,7 @@
 	 */
 	 
     //get the required variables
-    $title = $vars['entity']->title;
+    $title = htmlentities($vars['entity']->title, ENT_QUOTES, 'UTF-8');
     //$description = get_entity($vars['entity']->description);
     $topic_owner = get_user($vars['entity']->owner_guid);
     $group = get_entity($vars['entity']->container_guid);
@@ -40,7 +40,7 @@
 		$icon = elgg_view("profile/icon",array('entity' => $group, 'size' => 'small'));
 	    //get the group and topic title
 	    if ($group instanceof ElggGroup)
-	    	$info .= "<p>" . elgg_echo('group') . ": <a href=\"{$group->getURL()}\">{$group->name}</a></p>";
+	    	$info .= "<p>" . elgg_echo('group') . ": <a href=\"{$group->getURL()}\">".htmlentities($group->name, ENT_QUOTES, 'UTF-8') ."</a></p>";
 	    
 		$info .= "<p>" . elgg_echo('topic') . ": <a href=\"{$vars['url']}mod/groups/topicposts.php?topic={$vars['entity']->guid}&group_guid={$group->guid}\">{$title}</a></p>";
 		//get the forum description
-- 
cgit v1.2.3