From 48e816f6483eefce470b21902fc36bcd20742aa4 Mon Sep 17 00:00:00 2001
From: Art Cancro <ajc@citadel.org>
Date: Sun, 1 Jul 2007 04:20:36 +0000
Subject: [PATCH] Sanitize HTML output from the 'showuser' command

---
 webcit/userlist.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/webcit/userlist.c b/webcit/userlist.c
index e74ab2305..38539c0e1 100644
--- a/webcit/userlist.c
+++ b/webcit/userlist.c
@@ -151,7 +151,9 @@ void showuser(void)
 		urlescputs(who);
 		wprintf("\">");
 	}
-	wprintf("</td><td><h1>%s</h1></td></tr></table></center>\n", who);
+	wprintf("</td><td><h1>");
+	escputs(who);
+	wprintf("</h1></td></tr></table></center>\n");
 	serv_printf("RBIO %s", who);
 	serv_getln(buf, sizeof buf);
 	if (buf[0] == '1') {
-- 
2.39.2