* Add ability to plugins to check uploaded media files for invalid

file extensions. Added more escaping to user- and groupnames for untrusted author environments, thanks to Hanno Boeck. (garvinhicking)
2008-02-01 14:10:14 +00:00
parent 2aff6710c8
commit d34bbd7181
13 changed files with 41 additions and 30 deletions
--- a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php
+++ b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php
@ -380,7 +380,7 @@ class serendipity_event_entryproperties extends serendipity_event
                                $avail_users =& $this->getValidAuthors();

                                foreach($avail_users AS $user) {
-                                    echo '<option value="' . $user['authorid'] . '" ' . ($selected_user == $user['authorid'] ? ' selected="selected"' : '') . '>' . $user['realname'] . '</option>' . "\n";
+                                    echo '<option value="' . $user['authorid'] . '" ' . ($selected_user == $user['authorid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($user['realname']) . '</option>' . "\n";
                                }
                                ?>
                                </select>