Author: cfinck Date: Sat Sep 27 13:42:53 2008 New Revision: 36553 URL: http://svn.reactos.org/svn/reactos?rev=36553&view=rev Log: Escape characters for people using <, >, & or " in their full name Modified: trunk/web/reactos.org/htdocs/peoplemap/ajax-getuser.php Modified: trunk/web/reactos.org/htdocs/peoplemap/ajax-getuser.php URL: http://svn.reactos.org/svn/reactos/trunk/web/reactos.org/htdocs/peoplemap/a… ============================================================================== --- trunk/web/reactos.org/htdocs/peoplemap/ajax-getuser.php [iso-8859-1] (original) +++ trunk/web/reactos.org/htdocs/peoplemap/ajax-getuser.php [iso-8859-1] Sat Sep 27 13:42:53 2008 @@ -75,7 +75,7 @@ echo "<user>"; printf("<id>%u</id>", $row[0]); printf("<username>%s</username>", $row[1]); - printf("<fullname>%s</fullname>", $row[2]); + printf("<fullname>%s</fullname>", htmlspecialchars($row[2])); printf("<latitude>%s</latitude>", $row[3]); printf("<longitude>%s</longitude>", $row[4]); echo "</user>";