sanitarise error

This commit is contained in:
lopar 2018-03-04 02:24:24 +02:00
parent 2bae7c09b9
commit 13fcdbfb11

View File

@ -51,15 +51,15 @@ class nick
return '<i>невидимка</i>'; return '<i>невидимка</i>';
} else { } else {
if ($this->user_data['align']) { if ($this->user_data['align']) {
$n .= sprintf('<img src="i/align_%s.gif">', $this->user_data['align']); $n .= sprintf('<img src="i/align_%s.gif">', htmlspecialchars($this->user_data['align']));
} }
if ($this->user_data['klan']) { if ($this->user_data['klan']) {
$n .= sprintf('<img src="i/klan/%s.gif">', $this->user_data['klan']); $n .= sprintf('<img src="i/klan/%s.gif">', htmlspecialchars($this->user_data['klan']));
} }
} }
$n .= sprintf('<b>%s</b> [%s] <a href="inf.php?%s" target="_blank"><img src="i/inf.gif" style="width:12px;height:11px"></a>', $this->user_data['login'], $this->user_data['level'], $this->user_data['login']); $n .= sprintf('<b>%s</b> [%s] <a href="inf.php?%s" target="_blank"><img src="i/inf.gif" style="width:12px;height:11px"></a>', htmlspecialchars($this->user_data['login']), htmlspecialchars($this->user_data['level']), htmlspecialchars($this->user_data['login']));
return htmlspecialchars($n); return $n;
} }
/** /**