diff --git a/admin/inc/class.uiaccounts.inc.php b/admin/inc/class.uiaccounts.inc.php
index 2c2219deb9..e694e5fd3b 100755
--- a/admin/inc/class.uiaccounts.inc.php
+++ b/admin/inc/class.uiaccounts.inc.php
@@ -942,9 +942,9 @@
accounts::cache_invalidate((int)$_GET['account_id']);
$userData = $GLOBALS['egw']->accounts->read((int)$_GET['account_id'],'u');
- $var['account_lid'] = $userData['account_lid'];
- $var['account_firstname'] = $userData['firstname'];
- $var['account_lastname'] = $userData['lastname'];
+ $var['account_lid'] = html::htmlspecialchars($userData['account_lid']);
+ $var['account_firstname'] = html::htmlspecialchars($userData['firstname']);
+ $var['account_lastname'] = html::htmlspecialchars($userData['lastname']);
$acl =& CreateObject('phpgwapi.acl',(int)$_GET['account_id']);
$var['anonymous'] = $acl->check('anonymous',1,'phpgwapi') ? ' X' : ' ';
@@ -1007,7 +1007,7 @@
{
while (list(,$group) = each($usergroups))
{
- $group_names[] = $group['account_name'];
+ $group_names[] = html::htmlspecialchars($group['account_name']);
}
$var['groups_select'] = implode(', ',$group_names);
}
@@ -1130,7 +1130,7 @@
'form_action' => $GLOBALS['egw']->link('/index.php','menuaction=admin.uiaccounts.'.($group_info['account_id']?'edit':'add').'_group'),
'hidden_vars' => '',
'lang_group_name' => lang('group name'),
- 'group_name_value' => $group_info['account_name'],
+ 'group_name_value' => html::htmlspecialchars($group_info['account_name']),
'lang_include_user' => lang('Select users for inclusion'),
'error' => (!$_errors?'':''.common::error_list($_errors).''),
'lang_permissions' => lang('Permissions this group has')
@@ -1376,9 +1376,10 @@
{
$lang_homedir = lang('home directory');
$lang_shell = lang('login shell');
- $homedirectory = '';
+ $homedirectory = '';
$loginshell = '';
}
else
@@ -1439,9 +1440,12 @@
'changepassword' => '',
'mustchangepassword' => '',
'account_status' => '',
- 'account_firstname' => '',
- 'account_lastname' => '',
- 'account_email' => '',
+ 'account_firstname' => '',
+ 'account_lastname' => '',
+ 'account_email' => '',
'account_passwd' => $userData['account_passwd'],
'account_passwd_2' => $userData['account_passwd_2'],
'account_file_space' => $account_file_space,
@@ -1486,7 +1490,7 @@
{
$primary_group_select .= ' selected="1"';
}
- $primary_group_select .= '>' . $value['account_lid'] . ''."\n";
+ $primary_group_select .= '>' . html::htmlspecialchars($value['account_lid']) . ''."\n";
}
//prepare the userGroups Array for use with the checkbox-multiselect use -> selarray
$selarray=array();