Use htmlentities to output the admin name on subscribe page

xh3n1 · suelaP · commit c57e5a967c8c · 2020-06-22T11:40:12.000+02:00
diff --git a/public_html/lists/admin/spageedit.php b/public_html/lists/admin/spageedit.php
@@ -412,7 +412,7 @@
     foreach ($admins as $adminid => $adminname) {
         $singleOwner = '<input type="hidden" name="owner" value="'.$adminid.'" />';
         $ownerHTML .= sprintf('<option value="%d" %s>%s</option>', $adminid,
-            $adminid == $data['owner'] ? 'selected="selected"' : '', $adminname);
+            $adminid == $data['owner'] ? 'selected="selected"' : '', htmlentities($adminname));
     }
     $ownerHTML .= '</select>';
 

Original file line number	Diff line number	Diff line change
`@@ -412,7 +412,7 @@`
`412`	`412`	`foreach ($admins as $adminid => $adminname) {`
`413`	`413`	`$singleOwner = '<input type="hidden" name="owner" value="'.$adminid.'" />';`
`414`	`414`	`$ownerHTML .= sprintf('<option value="%d" %s>%s</option>', $adminid,`
`415`		`- $adminid == $data['owner'] ? 'selected="selected"' : '', $adminname);`
	`415`	`+ $adminid == $data['owner'] ? 'selected="selected"' : '', htmlentities($adminname));`
`416`	`416`	`}`
`417`	`417`	`$ownerHTML .= '</select>';`
`418`	`418`