Improve HTML escaping

2014-02-24 18:29:09 -05:00
parent 64e2e07229
commit 8159cc99a6
6 changed files with 14 additions and 9 deletions
--- a/templates/user_index.php
+++ b/templates/user_index.php
@@ -27,7 +27,7 @@
                    <?= $user['is_admin'] ? t('Yes') : t('No') ?>
                </td>
                <td>
-                    <?= (isset($user['default_project_id']) && isset($projects[$user['default_project_id']])) ? $projects[$user['default_project_id']] : t('None'); ?>
+                    <?= (isset($user['default_project_id']) && isset($projects[$user['default_project_id']])) ? Helper\escape($projects[$user['default_project_id']]) : t('None'); ?>
                </td>
                <td>
                    <?php if (Helper\is_admin() || Helper\is_current_user($user['id'])): ?>