From 1c21401751d28d1f6cbcae0611cf072cf1a5de50 Mon Sep 17 00:00:00 2001
From: Michael Vogel <icarus@dabo.de>
Date: Fri, 9 Oct 2015 23:27:00 +0200
Subject: [PATCH] acl lookup now works fine as well.

---
 include/acl_selectors.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/include/acl_selectors.php b/include/acl_selectors.php
index 05856bd217..a1154399a7 100644
--- a/include/acl_selectors.php
+++ b/include/acl_selectors.php
@@ -392,7 +392,6 @@ function acl_lookup(&$a, $out_type = 'json') {
 	if(!local_user())
 		return "";
 
-
 	$start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
 	$count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
 	$search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
@@ -492,7 +491,7 @@ function acl_lookup(&$a, $out_type = 'json') {
 			$groups[] = array(
 				"type"  => "g",
 				"photo" => "images/twopeople.png",
-				"name"  => $g['name'],
+				"name"  => htmlentities($g['name']),
 				"id"	=> intval($g['id']),
 				"uids"  => array_map("intval", explode(",",$g['uids'])),
 				"link"  => '',
@@ -547,7 +546,7 @@ function acl_lookup(&$a, $out_type = 'json') {
 			foreach($r as $g) {
 				$x['photos'][] = proxy_url($g['micro'], false, PROXY_SIZE_MICRO);
 				$x['links'][] = $g['url'];
-				$x['suggestions'][] = $g['name'];
+				$x['suggestions'][] = htmlentities($g['name']);
 				$x['data'][] = intval($g['id']);
 			}
 		}
@@ -560,11 +559,11 @@ function acl_lookup(&$a, $out_type = 'json') {
 			$contacts[] = array(
 				"type"  => "c",
 				"photo" => proxy_url($g['micro'], false, PROXY_SIZE_MICRO),
-				"name"  => $g['name'],
+				"name"  => htmlentities($g['name']),
 				"id"	=> intval($g['id']),
 				"network" => $g['network'],
 				"link" => $g['url'],
-				"nick" => ($g['attag']) ? $g['attag'] : $g['nick'],
+				"nick" => htmlentities(($g['attag']) ? $g['attag'] : $g['nick']),
 				"forum" => $g['forum']
 			);
 		}
@@ -605,11 +604,11 @@ function acl_lookup(&$a, $out_type = 'json') {
 				$unknow_contacts[] = array(
 					"type"  => "c",
 					"photo" => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO),
-					"name"  => $row['author-name'],
+					"name"  => htmlentities($row['author-name']),
 					"id"	=> '',
 					"network" => "unknown",
 					"link" => $row['author-link'],
-					"nick" => $nick,
+					"nick" => htmlentities($nick),
 					"forum" => false
 				);
 			}