Escape HTML special characters in registration user name

delta · Mar 2, 2019 · 6c98462 · 6c98462
1 parent aaaa01c
commit 6c98462
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/cms/registration.lib.php b/cms/registration.lib.php
@@ -48,7 +48,7 @@ function getRegistrationForm() {
 	if(isset($_POST['user_email']))
 		$email_val = escape($_POST['user_email']);
 	if(isset($_POST['user_name']))
-		$name_val = escape($_POST['user_name']);
+		$name_val = htmlspecialchars(escape($_POST['user_name']));
 	if(isset($_POST['user_email']))
 		$fullname_val = escape($_POST['user_fullname']);
 	$reg_str =<<<REG