Commit 292ac8a1 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Escape profile fields on admin edit user page

parent 234a2cc5
......@@ -3,7 +3,7 @@
{include file="columnfullstart.tpl"}
<div id="edituser" style="position: relative;">
<div style="position: absolute; top: 0; right: 0;"><a href="{$WWWROOT}user/view.php?id={$user->id}"><img src="{$WWWROOT}thumb.php?type=profileiconbyid&amp;maxwidth=100&amp;maxheight=100&amp;id={$user->profileicon}" alt=""></a></div>
<h2><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user->firstname} {$user->lastname} ({$user->username})</a></h2>
<h2><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user->firstname|escape} {$user->lastname|escape} ({$user->username|escape})</a></h2>
{if !empty($loginas)}
<div><a href="{$WWWROOT}admin/users/changeuser.php?id={$user->id}">{$loginas}</a></div>
{/if}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment