From 7e430cfe4cf0fbfc968fd565f1a78d7c00367e1b Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Wed, 8 Jul 2009 01:14:13 +0200 Subject: [PATCH] [svn r21862] Minor - adding remove_xss function --- main/admin/user_list.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/main/admin/user_list.php b/main/admin/user_list.php index 61f3d0505d..e8884c18aa 100644 --- a/main/admin/user_list.php +++ b/main/admin/user_list.php @@ -1,4 +1,4 @@ -display(); echo ''; if (isset ($_GET['keyword'])) { - $parameters = array ('keyword' => $_GET['keyword']); - } elseif (isset ($_GET['keyword_firstname'])) { - $parameters['keyword_firstname'] = $_GET['keyword_firstname']; - $parameters['keyword_lastname'] = $_GET['keyword_lastname']; - $parameters['keyword_email'] = $_GET['keyword_email']; - $parameters['keyword_officialcode'] = $_GET['keyword_officialcode']; - $parameters['keyword_status'] = $_GET['keyword_status']; - $parameters['keyword_active'] = $_GET['keyword_active']; - $parameters['keyword_inactive'] = $_GET['keyword_inactive']; + $parameters = array ('keyword' => Security::remove_XSS($_GET['keyword'])); + } elseif (isset ($_GET['keyword_firstname'])) { + $parameters['keyword_firstname'] = Security::remove_XSS($_GET['keyword_firstname']); + $parameters['keyword_lastname'] = Security::remove_XSS($_GET['keyword_lastname']); + $parameters['keyword_email'] = Security::remove_XSS($_GET['keyword_email']); + $parameters['keyword_officialcode'] = Security::remove_XSS($_GET['keyword_officialcode']); + $parameters['keyword_status'] = Security::remove_XSS($_GET['keyword_status']); + $parameters['keyword_active'] = Security::remove_XSS($_GET['keyword_active']); + $parameters['keyword_inactive'] = Security::remove_XSS($_GET['keyword_inactive']); } // Create a sortable table with user-data $parameters['sec_token'] = Security::get_token();