Escape the user display name in the backend section

alextselegidis · Apr 15, 2023 · bddc5cb · bddc5cb
1 parent 2255c84
commit bddc5cb
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/views/components/backend_header.php b/application/views/components/backend_header.php
@@ -86,7 +86,7 @@
                 <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown"
                    data-tippy-content="<?= lang('settings_hint') ?>">
                     <i class="fas fa-user me-2"></i>
-                    <?= vars('user_display_name') ?>
+                    <?= e(vars('user_display_name')) ?>
                 </a>
                 <div class="dropdown-menu dropdown-menu-end">
                     <?php if (can('view', PRIV_SYSTEM_SETTINGS)): ?>