Remove XSS from social groups page - refs #2746

ywarnier · ywarnier · commit 5e61c2b0fcc9 · 2018-12-03T13:40:27.000-05:00
diff --git a/main/social/group_view.php b/main/social/group_view.php
@@ -110,6 +110,8 @@ function add_image_form() {
 
 if ($group_id != 0) {
     $group_info = $usergroup->get($group_id);
+    $group_info['name'] = Security::remove_XSS($group_info['name']);
+    $group_info['description'] = Security::remove_XSS($group_info['description']);
 
     $interbreadcrumb[] = ['url' => '#', 'name' => $group_info['name']];
 
@@ -154,6 +156,8 @@ function add_image_form() {
 $socialForum = '';
 
 $group_info = $usergroup->get($group_id);
+$group_info['name'] = Security::remove_XSS($group_info['name']);
+$group_info['description'] = Security::remove_XSS($group_info['description']);
 
 //Loading group information
 if (isset($_GET['status']) && $_GET['status'] == 'sent') {
