Session: fix problem with names contening quote that breaks the javascript -refs BT#20996

2 years ago · 385a755ae8
parent bc432c19b4
commit 385a755ae8
1 changed files with 1 additions and 1 deletions
--- a/main/session/add_users_to_session_course.php
+++ b/main/session/add_users_to_session_course.php
@ -257,7 +257,7 @@ function search_users($needle, $type)
                    }

                    $return .= '<a href="javascript: void(0);" onclick="javascript: add_user_to_session(\''.$user['id']
-                        .'\',\''.$person_name.' '.'\')">'.$person_name.' </a><br />';
+                        .'\',\''.addslashes(htmlentities($person_name)).' '.'\')">'.$person_name.' </a><br />';
                } else {
                    $return .= '...<br />';
                }