Fixed: HTML vulnerability (Cross Site Scripting)

git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 1 insertions, 1 deletions

diff --git a/admin/user_list.php b/admin/user_list.php
index 101c4df7a..69d46e6d2 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -477,7 +477,7 @@ $template->assign_vars(
     'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list',
 
     'F_ADD_ACTION' => $base_url,
-    'F_USERNAME' => @$_GET['username'],
+    'F_USERNAME' => @htmlentities($_GET['username']),
     'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php'
     ));