Browse Source

Add htmlentities to protect nick/addr in acl_lookup

pull/3319/head
Hypolite Petovan 4 years ago
parent
commit
bffd3f2304
1 changed files with 2 additions and 2 deletions
  1. +2
    -2
      include/acl_selectors.php

+ 2
- 2
include/acl_selectors.php View File

@ -639,13 +639,13 @@ function acl_lookup(App $a, $out_type = 'json') {
if (count($contact) > 0) {
$unknown_contacts[] = array(
'type' => 'cu',
'type' => 'c',
'photo' => proxy_url($contact['micro'], false, PROXY_SIZE_MICRO),
'name' => htmlentities($contact['name']),
'id' => intval($contact['cid']),
'network' => $contact['network'],
'link' => $contact['url'],
'nick' => $contact['nick'] ? : $contact['addr'],
'nick' => htmlentities($contact['nick'] ? : $contact['addr']),
'forum' => $contact['forum']
);
}


Loading…
Cancel
Save