Prevent XSS on formatted user link

glpi-project · Nov 3, 2022 · 32e5ad6 · 32e5ad6
1 parent 01c2172
commit 32e5ad6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/DbUtils.php b/src/DbUtils.php
@@ -1605,7 +1605,7 @@ public function formatUserName($ID, $login, $realname, $firstname, $link = 1, $c
             ($link == 1)
             && ($ID > 0)
         ) {
-            $before = "<a title=\"" . Toolbox::addslashes_deep($formatted) . "\"
+            $before = "<a title=\"" . htmlspecialchars($formatted) . "\"
                        href='" . User::getFormURLWithID($ID) . "'>";
             $after  = "</a>";
         }