Diffstat (limited to 'pages/content/Users:Handle.xml')
-rw-r--r-- | pages/content/Users:Handle.xml | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/pages/content/Users:Handle.xml b/pages/content/Users:Handle.xml index abed354..69339bc 100644 --- a/pages/content/Users:Handle.xml +++ b/pages/content/Users:Handle.xml @@ -28,7 +28,7 @@ $res = $GLOBALS['db']->Execute('SELECT * FROM groups ORDER BY name'); while($group = $res->FetchRow()) { - echo '<option value="' . $group[0] . '">' . strtr($group[1], array('<' => '<', '>' => '>', '&' => '&', '"' => '"')) . '</option>'; + echo '<option value="' . $group[0] . '">' . htmlspecialchars($group[1]) . '</option>'; } ?> </select><br /> @@ -43,7 +43,7 @@ } elseif(isset($_POST['group'])) { if($_POST['id']) { - $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id'])); $gid = $GLOBALS['user']->GetGid($_POST['id']); $title = 'Gruppe von \'' . $name . '\' ändern'; @@ -63,7 +63,7 @@ foreach($groups as $group) { echo '<option value="' . $group[0] . '"'; if($group[0] == $gid) echo ' selected="selected"'; - echo '>' . strtr($group[1], array('<' => '<', '>' => '>', '&' => '&', '"' => '"')) . '</option>'; + echo '>' . htmlspecialchars($group[1]) . '</option>'; } echo '</select><br />'; @@ -75,7 +75,7 @@ } elseif(isset($_POST['password'])) { if($_POST['id']) { - $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id'])); $title = 'Passwort von \'' . $name . '\' ändern'; @@ -94,7 +94,7 @@ } elseif(isset($_POST['rename'])) { if($_POST['id']) { - $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id'])); $title = '\'' . $name . '\' umbenennen'; 
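Review bot: `$group[0]` is still concatenated unescaped into the `value="..."` attribute on the changed echo line of the @@ -28 hunk, so only the option label is escaped; the same holds for the `echo '<option value="' . $group[0] . '"';` context line in the @@ -63 hunk. If that column is a numeric id, emit it as `(int)$group[0]`; otherwise pass it through `htmlspecialchars()` too, so a stored value containing `"` cannot close the attribute. The query is `SELECT *` with positional indexes, so which column ends up in the attribute depends on the table's column order. Naming the columns in the query would make that explicit.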
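Review bot: The new `htmlspecialchars()` calls in the @@ -43 hunk, and likewise in the @@ -28, @@ -63, @@ -75, @@ -94 and @@ -111 hunks, rely on default flags and charset that vary with the PHP version. Before PHP 8.1 the default flag is `ENT_COMPAT`, which leaves `'` unescaped, and before 5.4 the default charset is ISO-8859-1, which matters on a page with German text. `$name` is wrapped in literal single quotes inside `$title`, and where `$title` is printed lies outside the hunks, so it cannot be confirmed from here that it never lands in a single-quoted attribute. Passing the arguments explicitly removes the dependency on the runtime, for example `htmlspecialchars($GLOBALS['user']->GetName($_POST['id']), ENT_QUOTES, 'UTF-8')`, with the third argument set to the encoding the page is actually served in.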
@@ -111,7 +111,7 @@ } elseif(isset($_POST['delete'])) { if($_POST['id']) { - $name = strtr($GLOBALS['user']->GetName($_POST['id']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars($GLOBALS['user']->GetName($_POST['id'])); $title = '\'' . $name . '\' löschen'; |