Use htmlentities to output the admin name on the edit list page

xh3n1 · suelaP · commit f47f81cf1626 · 2020-06-22T11:40:29.000+02:00
diff --git a/public_html/lists/admin/editlist.php b/public_html/lists/admin/editlist.php
@@ -162,7 +162,7 @@
         echo '<div class="label"><label for="owner">'.s('Owner').'</label></div><div class="field"><select name="owner">';
         foreach ($admins as $adminid => $adminname) {
             printf('    <option value="%d" %s>%s</option>', $adminid,
-                $adminid == $list['owner'] ? 'selected="selected"' : '', $adminname);
+                $adminid == $list['owner'] ? 'selected="selected"' : '', htmlentities($adminname));
         }
         echo '</select></div>';
     } else {

Original file line number	Diff line number	Diff line change
`@@ -162,7 +162,7 @@`
`162`	`162`	`echo '<div class="label"><label for="owner">'.s('Owner').'</label></div><div class="field"><select name="owner">';`
`163`	`163`	`foreach ($admins as $adminid => $adminname) {`
`164`	`164`	`printf(' <option value="%d" %s>%s</option>', $adminid,`
`165`		`- $adminid == $list['owner'] ? 'selected="selected"' : '', $adminname);`
	`165`	`+ $adminid == $list['owner'] ? 'selected="selected"' : '', htmlentities($adminname));`
`166`	`166`	`}`
`167`	`167`	`echo '</select></div>';`
`168`	`168`	`} else {`