From: Steve Clay
Date: Tue, 5 Feb 2013 02:03:03 +0000 (-0500)
Subject: Normalized escaping, escape $user->location just in case
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=17d6bd620d5b4712ca01f5318170384804004a9e;p=lorea%2Felgg.git
Normalized escaping, escape $user->location just in case
---
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 19f4e434d..4a585c07f 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -835,7 +835,7 @@ function validate_username($username) {
 for ($n = 0; $n < strlen($blacklist2); $n++) {
 if (strpos($username, $blacklist2[$n]) !== false) {
 $msg = elgg_echo('registration:invalidchars', array($blacklist2[$n], $blacklist2));
- $msg = htmlentities($msg, ENT_COMPAT, 'UTF-8');
+ $msg = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
 throw new RegistrationException($msg);
 }
 }
@@ -1331,9 +1331,10 @@ function elgg_users_setup_entity_menu($hook, $type, $return, $params) {
 } else {
 $return = array();
 if (isset($entity->location)) {
+ $location = htmlspecialchars($entity->location, ENT_QUOTES, 'UTF-8', false);
 $options = array(
 'name' => 'location',
- 'text' => "$entity->location",
+ 'text' => "$location",
 'href' => false,
 'priority' => 150,
 );
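Review bot: The message is HTML-escaped at the throw site in validate_username, so the `RegistrationException` text is correct only when every handler prints it into HTML exactly once; a handler that escapes again, or writes it to a log or a non-HTML response, will show entities such as `&#039;`. A comment on the new line would state that contract: `// $msg is HTML-escaped here; output it without escaping again`. Separately, `$blacklist2[$n]` indexes by byte, so if the blacklist holds any multi-byte character (its value is outside this hunk) the message carries invalid UTF-8 and `htmlspecialchars` returns an empty string; where the supported PHP version allows it, `ENT_QUOTES | ENT_SUBSTITUTE` avoids the empty message. The function body starts and ends outside the hunk.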
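Review bot: The fourth argument `false` on the new `htmlspecialchars` call turns off double encoding, so entity-like text already stored in `$entity->location` (for example `&lt;`) passes through unchanged, while the call in the validate_username hunk keeps the default. `<`, `>` and quotes are still encoded, so this affects display fidelity rather than opening an injection path, but a commit that normalizes escaping should apply one policy; dropping the argument shows the stored value literally. Whether the menu renderer escapes `text` again is not visible here, so the line deserves a comment such as `// menu 'text' is emitted as HTML; escape the profile value here`. The string interpolation is also unnecessary: `'text' => $location,`. The enclosing function continues outside the hunk.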