Escape the group name to prevent a few common support issues

NB: We still allow HTML in group names because some administrators use it (this is designed behaviour) git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5495 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-05-02 13:47:55 +02:00 · 2006-01-26 20:36:54 +00:00 · 2006-01-26 20:36:54 +00:00 · 722fbae7c0
commit 722fbae7c0
parent 70722f5c45
1 changed files with 1 additions and 1 deletions
--- a/phpBB/admin/admin_groups.php
+++ b/phpBB/admin/admin_groups.php
@ -250,7 +250,7 @@ else if ( isset($HTTP_POST_VARS['group_update']) )
 	else
 	{
 		$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
-		$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
+		$group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
 		$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
 		$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
 		$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;