#671 - sanitise email address of an admin

Author: michield

public_html/lists/admin/admin.php

@@ -89,6 +89,7 @@
     if ($id) {
         echo '<div class="actionresult">';
         reset($struct);
+        $_POST['email'] = htmlspecialchars(strip_tags($_POST['email']));
         foreach ($struct as $key => $val) {
             $a = $b = '';
             if (strstr($val[1], ':')) {

public_html/lists/admin/admins.php

@@ -108,7 +108,7 @@
     $ls->addElement(htmlentities($admin['loginname']),
         PageUrl2('admin', s('Show'), "start=$start&id=".$admin['id'].$remember_find));
     $ls->addColumn($admin['loginname'], s('Id'), $admin['id']);
-    $ls->addColumn($admin['loginname'], s('email'), $admin['email']);
+    $ls->addColumn($admin['loginname'], s('email'), htmlspecialchars($admin['email']));
     $ls->addColumn($admin['loginname'], s('Super Admin'), $admin['superuser'] ? s('Yes') : s('No'));
     $ls->addColumn($admin['loginname'], s('Disabled'), $admin['disabled'] ? s('Yes') : s('No'));
     if ($_SESSION['logindetails']['superuser'] && $admin['id'] != $_SESSION['logindetails']['id']) {