diff --git a/gulliver/methods/propelTableAjax.php b/gulliver/methods/propelTableAjax.php
index edbc159bb..735e1c330 100755
--- a/gulliver/methods/propelTableAjax.php
+++ b/gulliver/methods/propelTableAjax.php
@@ -71,7 +71,7 @@
 $fastSearch = get_ajax_value('fastSearch');
 if (isset($fastSearch)) {
- $ntable->fastSearch= urldecode($fastSearch);
+ $ntable->fastSearch= htmlentities(urldecode($fastSearch), ENT_QUOTES, 'UTF-8');
 $page = 1;
 }
diff --git a/workflow/engine/controllers/main.php b/workflow/engine/controllers/main.php
index d8315fe91..792c34007 100644
--- a/workflow/engine/controllers/main.php
+++ b/workflow/engine/controllers/main.php
@@ -31,7 +31,7 @@ class Main extends Controller
 // setting variables for template
 $this->setVar('logo_company', $this->getCompanyLogo());
- $this->setVar('userfullname', $this->getUserFullName());
+ $this->setVar('userfullname', htmlentities($this->getUserFullName(), ENT_QUOTES, 'UTF-8') );
 $this->setVar('user', isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME'] : '');
 $this->setVar('pipe', isset($_SESSION['USR_USERNAME']) ? ' | ' : '');
 $this->setVar('rolename', $this->getUserRole());
diff --git a/workflow/engine/skinEngine/skinEngine.php b/workflow/engine/skinEngine/skinEngine.php
index e7038000e..6e07d23a1 100755
--- a/workflow/engine/skinEngine/skinEngine.php
+++ b/workflow/engine/skinEngine/skinEngine.php
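Review bot: The added htmlentities() on the `+` line of the propelTableAjax.php hunk HTML-encodes the search term before it is stored in `$ntable->fastSearch`, which is an input-side transformation rather than output escaping; if fastSearch is later used to build the table's filter (its use is not visible in this hunk), a term such as `O'Brien` or `café` becomes `O&#039;Brien` / `caf&eacute;` and no longer matches the stored data. Escaping belongs at the point where the value is echoed into HTML, with the raw decoded value kept for the lookup. If the encoding is kept here, the flags should at least include ENT_SUBSTITUTE, because with only ENT_QUOTES htmlentities() returns an empty string for input that is not valid UTF-8 and the search is silently discarded: `$ntable->fastSearch= htmlentities(urldecode($fastSearch), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The surrounding script continues outside this hunk.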
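Review bot: Only `userfullname` is escaped on the `+` line of the main.php hunk, while the neighbouring `user` and `rolename` values, taken from `$_SESSION['USR_USERNAME']` and `getUserRole()` on the context lines, still reach the template raw; unless the template layer escapes on output (not visible here) they need the same treatment, and the same partial escaping appears in the skinEngine.php hunk, where `$_SESSION['USR_USERNAME']` and `$_SESSION['USR_ROLENAME']` stay unescaped beside the newly escaped `userfullname`. Both hunks also pass only ENT_QUOTES, so htmlentities() yields an empty string for a name that is not valid UTF-8; `ENT_QUOTES | ENT_SUBSTITUTE` keeps such a name renderable instead of blanking it. Minor style on the new lines: the stray space before the closing `)` here and before the comma in skinEngine.php, e.g. `$this->setVar('userfullname', htmlentities($this->getUserFullName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. The enclosing method starts before and continues after this hunk.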
@@ -635,7 +635,7 @@ class SkinEngine
 $smarty->assign('switch_interface', $switch_interface);
 $smarty->assign('switch_interface_label', G::LoadTranslation('ID_SWITCH_INTERFACE'));
- $smarty->assign('userfullname', isset($_SESSION['USR_FULLNAME']) ? $_SESSION['USR_FULLNAME'] : '');
+ $smarty->assign('userfullname', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): '');
 $smarty->assign('user', isset($_SESSION['USR_USERNAME']) ? '(' . $_SESSION['USR_USERNAME'] . ')' : '');
 $smarty->assign('rolename', isset($_SESSION['USR_ROLENAME']) ? $_SESSION['USR_ROLENAME'] . '' : '');
 $smarty->assign('pipe', isset($_SESSION['USR_USERNAME']) ? ' | ' : '');