Refs #4953 sanitize group name when updating collection name

diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index f04ef60db7e199b9f33cab9b7c6af9f596d2e02f..f19b905666ecff9e74ee8121a4f1c7f603468aaf 100644 (file)
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -56,7 +56,8 @@ if (sizeof($input) > 0) {
        foreach($input as $shortname => $value) {
                // update access collection name if group name changes
                if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
-                       $ac_name = elgg_echo('groups:group') . ": " . $value;
+                       $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
+                       $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
                        $acl = get_access_collection($group->group_acl);
                        if ($acl) {
                                // @todo Elgg api does not support updating access collection name