Fix User CP email persistent XSS

mybb · May 21, 2023 · d6a57e4 · d6a57e4
1 parent a68bfe3
commit d6a57e4
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/usercp.php b/usercp.php
@@ -4197,6 +4197,8 @@
 	$avatar_username = htmlspecialchars_uni($mybb->user['username']);
 	eval("\$avatar = \"".$templates->get("usercp_currentavatar")."\";");
 
+	$mybb->user['email'] = htmlspecialchars_uni($mybb->user['email']);
+
 	$usergroup = htmlspecialchars_uni($groupscache[$mybb->user['usergroup']]['title']);
 	if($mybb->user['usergroup'] == 5 && $mybb->settings['regtype'] != "admin")
 	{