author | Graham Eames <grahamje@users.sourceforge.net> | 2006-01-26 20:36:54 +0000 |
---|---|---|
committer | Graham Eames <grahamje@users.sourceforge.net> | 2006-01-26 20:36:54 +0000 |
commit | 722fbae7c06dd321e328ab83c4041efe4c96aa63 (patch) | |
tree | 9de9d7e2bd08abcf9a452bbdb11e8565bf1a3354 | |
parent | Changes to word censors in the admin panel (diff) | |
Escape the group name to prevent a few common support issues
NB: We still allow HTML in group names because some administrators use it (this is designed behaviour)
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5495 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/admin/admin_groups.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/admin/admin_groups.php b/phpBB/admin/admin_groups.php index 2b125e2f2d..1074475afb 100644 --- a/phpBB/admin/admin_groups.php +++ b/phpBB/admin/admin_groups.php @@ -250,7 +250,7 @@ else if ( isset($HTTP_POST_VARS['group_update']) ) else { $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN; - $group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : ''; + $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : ''; $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : ''; $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ''; $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false; |
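Review bot: On the changed `$group_name` line, wrapping the POST value in htmlspecialchars() appears to conflict with the commit message's note that HTML is still allowed in group names: with this change `<`, `>`, `&` and `"` in a submitted name are converted to entities, so markup typed into this form will be shown as literal text. If HTML is meant to remain possible through some other path, a short comment on this line saying which one would remove the ambiguity. The escaping is also applied when the input is read rather than when the name is output, so the HTML-encoded form is what every later consumer receives, and if the edit form is pre-filled from that value and resubmitted, `&` would be encoded a second time; escaping at the point of output avoids both. With its default flags htmlspecialchars() leaves single quotes unencoded, so pass ENT_QUOTES if the name can end up inside a single-quoted attribute. Finally, `$group_description` and `$group_moderator` in the following context lines are still read with trim() only or unmodified; if they reach HTML output they need the same consideration.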