escape html in fullname !35

2016-03-07 17:45:40 +01:00 · 2016-03-07 17:45:40 +01:00 · a743c6994e
commit a743c6994e
parent be1d393706
1 changed files with 1 additions and 1 deletions
--- a/actions/qvitter.php
+++ b/actions/qvitter.php
@ -480,7 +480,7 @@ class QvitterAction extends ApiAction
 							<span class="caret-outer"></span>
 							<span class="caret-inner"></span>
 						</li>
-						<li class="fullwidth"><a id="top-menu-profile-link" class="no-hover-card" href="<?php print $instanceurl.$logged_in_user_obj['screen_name']; ?>"><div id="top-menu-profile-link-fullname"><?php print $logged_in_user_obj['name']; ?></div><div id="top-menu-profile-link-view-profile"></div></a></li>
+						<li class="fullwidth"><a id="top-menu-profile-link" class="no-hover-card" href="<?php print $instanceurl.$logged_in_user_obj['screen_name']; ?>"><div id="top-menu-profile-link-fullname"><?php print htmlspecialchars($logged_in_user_obj['name']); ?></div><div id="top-menu-profile-link-view-profile"></div></a></li>
 						<li class="fullwidth dropdown-divider"></li>
                        <li class="fullwidth"><a id="faq-link"></a></li>
                        <li class="fullwidth"><a id="tou-link"></a></li>