From: Art Cancro <ajc@citadel.org>
Date: Sun, 1 Jul 2007 04:20:36 +0000 (+0000)
Subject: Sanitize HTML output from the 'showuser' command
X-Git-Tag: v7.86~3274
X-Git-Url: https://code.citadel.org/?a=commitdiff_plain;h=48e816f6483eefce470b21902fc36bcd20742aa4;p=citadel.git

Sanitize HTML output from the 'showuser' command
---

diff --git a/webcit/userlist.c b/webcit/userlist.c
index e74ab2305..38539c0e1 100644
--- a/webcit/userlist.c
+++ b/webcit/userlist.c
@@ -151,7 +151,9 @@ void showuser(void)
 		urlescputs(who);
 		wprintf("\">");
 	}
-	wprintf("</td><td><h1>%s</h1></td></tr></table></center>\n", who);
+	wprintf("</td><td><h1>");
+	escputs(who);
+	wprintf("</h1></td></tr></table></center>\n");
 	serv_printf("RBIO %s", who);
 	serv_getln(buf, sizeof buf);
 	if (buf[0] == '1') {