dev#15122: Sanitize output for user's pseudo, name and surname in authentication box.

- Use builtin escape function instead of htmlspecialchars

dev#15122: Sanitize output for user's pseudo, name and surname in authentication box.
- Use builtin escape function instead of htmlspecialchars
e8305daa · Matthias Meusburger · c89e41e1 · e8305daa
Commit e8305daa authored 10 years ago by Matthias Meusburger
--- a/library/ZendAfi/View/Helper/Abonne/NamesOrLogin.php
+++ b/library/ZendAfi/View/Helper/Abonne/NamesOrLogin.php
@@ -30,12 +30,12 @@ class ZendAfi_View_Helper_Abonne_NamesOrLogin extends Zend_View_Helper_HtmlEleme
 	}

 	protected function userPseudo($user) {
-		return htmlspecialchars($user->getPseudo());
+		return $this->view->escape($user->getPseudo());
 	}

 	
 	protected function userNames($user) {
-		return htmlspecialchars($user->getPrenom()). $this->view->tag('span', htmlspecialchars($user->getNom()), ['data-name' => 'last-name']);
+		return $this->view->escape($user->getPrenom()). $this->view->tag('span', $this->view->escape($user->getNom()), ['data-name' => 'last-name']);
 		
 	}
 }