rXSS cleaned username in editor info display

icecoder · Jan 17, 2022 · 51cf24b · 51cf24b
1 parent cd964f8
commit 51cf24b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/editor.php b/editor.php
@@ -150,7 +150,7 @@
             ?>
             <h2><?php echo $t['multi-user']; ?></h2>
             <span class="heading"><?php echo $t['Username']; ?></span><br>
-            <?php echo $_SESSION['username'];?><br><br>
+            <?php echo xssClean($_SESSION['username'], "html");?><br><br>
             <?php
         }
         ?>