Commit e8305daa authored by Matthias Meusburger's avatar Matthias Meusburger

dev#15122: Sanitize output for user's pseudo, name and surname in authentication box.

 - Use builtin escape function instead of htmlspecialchars
parent c89e41e1
1 merge request!294Rf15122 Champ Pseudo
......@@ -30,12 +30,12 @@ class ZendAfi_View_Helper_Abonne_NamesOrLogin extends Zend_View_Helper_HtmlEleme
}
protected function userPseudo($user) {
return htmlspecialchars($user->getPseudo());
return $this->view->escape($user->getPseudo());
}
protected function userNames($user) {
return htmlspecialchars($user->getPrenom()). $this->view->tag('span', htmlspecialchars($user->getNom()), ['data-name' => 'last-name']);
return $this->view->escape($user->getPrenom()). $this->view->tag('span', $this->view->escape($user->getNom()), ['data-name' => 'last-name']);
}
}
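Review bot: The escaping in `userPseudo()` and `userNames()` now depends on how the view is configured, which this hunk does not show: `$this->view->escape()` runs whatever escape callback and charset the view was set up with, and a stock Zend_View (assuming that is what `$this->view` is here) calls `htmlspecialchars` with `ENT_COMPAT`, which leaves single quotes unencoded. That is sufficient for the element text these two methods produce, but not for a value that is later reused inside a single-quoted attribute. I would state the contract on both methods, e.g. `/** @return string HTML-escaped for element content only; do not escape again or reuse in an attribute */`, and add a regression test that renders the authentication box for a user whose pseudo is `<b>x</b>` (constructed sample) and asserts that only the encoded form appears. The class body starts outside the hunk, so callers of these helpers are not visible here.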
......