plugins/SpecialGroups.php
changeset 357 1d0152181585
parent 345 4ccdfeee9a11
child 387 92664d2efab8
--- a/plugins/SpecialGroups.php	Sat Jan 19 00:32:41 2008 -0500
+++ b/plugins/SpecialGroups.php	Sun Jan 20 20:27:26 2008 -0500
@@ -509,7 +509,8 @@
       echo '<select name="group_id">';
       foreach ( $session->groups as $id => $group )
       {
-        $taboo[] = $group;
+        $taboo[] = $db->escape($group);
+        $group = htmlspecialchars($group);
         if ( $group != 'Everyone' )
         {
           $g_name_local = 'groupcp_grp_' . strtolower($group);
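Review bot: The added `$group = htmlspecialchars($group);` overwrites the loop variable before the `$group != 'Everyone'` check and the `strtolower($group)` that builds the `groupcp_grp_` key, so a name containing `&`, `<`, `>` or `"` is compared and looked up in its HTML-encoded form. Keep the raw name for logic and encode only at the point of output, e.g. `$group_html = htmlspecialchars($group, ENT_QUOTES);`, echoing `$group_html` where the option is written. Called without flags, htmlspecialchars on PHP versions before 8.1 leaves single quotes unencoded, which matters if the name is ever placed inside a single-quoted attribute. The `$taboo` entries are presumably joined into a SQL list further down; that code and the rest of the loop body are outside the hunk, so confirm each entry ends up inside quotes, because `$db->escape()` does not protect an unquoted value.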
@@ -549,7 +550,7 @@
       {
         if ( $row['group_name'] != 'Everyone' )
         {
-          echo '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
+          echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>';
         }
       }
       echo '</select>
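Review bot: `$row['group_id']` is still concatenated into the `value="..."` attribute without encoding; only the label was wrapped in this change. It is presumably an integer key, so a cast makes that explicit and keeps the attribute safe whatever the column returns: `echo '<option value="' . intval($row['group_id']) . '">' . htmlspecialchars($row['group_name']) . '</option>';`. The `!= 'Everyone'` filter here compares the raw database value and encodes only at output, which is the ordering the first hunk should follow as well. The loop that produces `$row` starts outside the hunk.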