
XSS in DB-Benutzer

Hanno authored on 09/03/2019 09:32:01
Showing 1 changed files
... ...
@@ -64,7 +64,7 @@ if (count($dbs) > 0 || count($users) > 0) {
64 64
         //$username = str_replace('_', '_ ', $user['username']);
65 65
         $desc = '';
66 66
         if ($user['description']) {
67
-            $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.$user['description'].'</span>';
67
+            $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.filter_input_general($user['description']).'</span>';
68 68
         }
69 69
         output("<th><span title=\"Erstellt: {$user['created']}\">{$username}</span>".$desc);
70 70
         output("<br />".internal_link('description', other_icon("comment.png", 'Beschreibung ändern'), "username={$username}")."&#160;");
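Review bot: Only the description is escaped by this change; on the `output("<th>...` line two lines below, `$user['created']` still goes raw into the `title` attribute and `$username` into the span body, and `$username` is also placed unencoded into the `username=` link parameter on the last line. Where `$username` is assigned is outside this hunk, so it may already be restricted to a safe character set, but if it is not, the same stored-XSS class remains. Encoding at the output site, e.g. `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')` for the HTML contexts and `urlencode($username)` for the link parameter, would close it. Separately, `filter_input_general` reads as an input filter and its definition is not shown here, so it is worth confirming that it encodes `<`, `>`, `&` and both quote characters for HTML output rather than stripping a subset. The enclosing loop and `if` block start and end outside the hunk.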