diff options
-rw-r--r-- | includes/pages/guest_login.php | 2 | ||||
-rw-r--r-- | includes/sys_template.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 1a8465dc..b9aca87d 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -48,7 +48,7 @@ function guest_register() { } } else { $ok = false; - $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), strip_request_item('nick')), true); + $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true); } if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { diff --git a/includes/sys_template.php b/includes/sys_template.php index 569783a7..78519143 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php @@ -113,7 +113,7 @@ function form_submit($name, $label) { */ function form_text($name, $label, $value, $disabled = false) { $disabled = $disabled ? ' disabled="disabled"' : ''; - return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . $value . '" ' . $disabled . '/>', 'form_' . $name); + return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . htmlspecialchars($value) . '" ' . $disabled . '/>', 'form_' . $name); } /** |