Fixed: HTML vulnerability (Cross Site Scripting).

Fixed: All comments are displayed on comments.php

git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1695 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 1 insertions, 1 deletions

diff --git a/admin/user_list.php b/admin/user_list.php
index c1e6fac2c..21ba58806 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -485,7 +485,7 @@ $template->assign_vars(
     'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list',
     
     'F_ADD_ACTION' => $base_url,
-    'F_USERNAME' => @$_GET['username'],
+    'F_USERNAME' => @htmlentities($_GET['username']),
     'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php'
     ));