From bffd3f230470f435ccd3b1eb810c166dbc90125f Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Thu, 13 Apr 2017 18:33:40 -0400
Subject: [PATCH] Add htmlentities to protect nick/addr in acl_lookup
---
 include/acl_selectors.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/acl_selectors.php b/include/acl_selectors.php
index 4cc810fb5c..9c3eab58ba 100644
--- include/acl_selectors.php
+++ b/include/acl_selectors.php
@@ -639,13 +639,13 @@ function acl_lookup(App $a, $out_type = 'json') {
 if (count($contact) > 0) {
 $unknown_contacts[] = array(
- 'type' => 'cu',
+ 'type' => 'c',
 'photo' => proxy_url($contact['micro'], false, PROXY_SIZE_MICRO),
 'name' => htmlentities($contact['name']),
 'id' => intval($contact['cid']),
 'network' => $contact['network'],
 'link' => $contact['url'],
- 'nick' => $contact['nick'] ? : $contact['addr'],
+ 'nick' => htmlentities($contact['nick'] ? : $contact['addr']),
 'forum' => $contact['forum']
 );
 }
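Review bot: The new `htmlentities()` call on the `nick` line relies on the default flags, which before PHP 8.1 leave single quotes unencoded, so the value is only safe where the client puts it in element content or a double-quoted attribute. Passing the flags and charset explicitly, `'nick' => htmlentities($contact['nick'] ? : $contact['addr'], ENT_QUOTES, 'UTF-8'),`, covers both quote styles and does not depend on the runtime's configured charset; the existing `name` line has the same gap. `link` and `network` in the same array are still emitted raw, and `$contact['url']` presumably comes from a remote contact, so if the consumer of this output builds markup from them they need encoding too, and `link` a URL-scheme allow-list check; the rendering code is not visible here, so this should be confirmed against the client side. acl_lookup's body starts and ends outside the hunk.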