Remove XSS from social groups page - refs #2746

chamilo · Dec 3, 2018 · 5e61c2b · 5e61c2b
1 parent 0af86dc
commit 5e61c2b
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/main/social/group_view.php b/main/social/group_view.php
@@ -110,6 +110,8 @@ function add_image_form() {
 
 if ($group_id != 0) {
     $group_info = $usergroup->get($group_id);
+    $group_info['name'] = Security::remove_XSS($group_info['name']);
+    $group_info['description'] = Security::remove_XSS($group_info['description']);
 
     $interbreadcrumb[] = ['url' => '#', 'name' => $group_info['name']];
 
@@ -154,6 +156,8 @@ function add_image_form() {
 $socialForum = '';
 
 $group_info = $usergroup->get($group_id);
+$group_info['name'] = Security::remove_XSS($group_info['name']);
+$group_info['description'] = Security::remove_XSS($group_info['description']);
 
 //Loading group information
 if (isset($_GET['status']) && $_GET['status'] == 'sent') {