diff --git a/include/class.format.php b/include/class.format.php
index 4c73d5188f5c1ab46e5b4d712f80c57f7106c9cc..654a9c4e287156a01e0c1c0a6df47526a20bfb44 100644
--- a/include/class.format.php
+++ b/include/class.format.php
@@ -274,8 +274,8 @@ class Format {
$flags |= ENT_HTML401;
return is_array($var)
- ? array_map(array('Format','htmlencode'), $var)
- : htmlentities($var, $flags, 'UTF-8');
+ ? array_map(array('Format', 'htmlencode'), $var)
+ : htmlentities( (string) $var, $flags, 'UTF-8', false);
}
function htmldecode($var) {
diff --git a/include/class.user.php b/include/class.user.php
index b137d49ee8e0de97d63db576baab32569a92cfbb..d2e2e9e5706bbadf0d8a427b73221b158d2b73d3 100644
--- a/include/class.user.php
+++ b/include/class.user.php
@@ -157,9 +157,9 @@ class User extends UserModel {
list($name) = explode('@', $vars['email'], 2);
$user = User::create(array(
- 'name'=>$name,
- 'created'=>new SqlFunction('NOW'),
- 'updated'=>new SqlFunction('NOW'),
+ 'name' => Format::sanitize($name, false),
+ 'created' => new SqlFunction('NOW'),
+ 'updated' => new SqlFunction('NOW'),
//XXX: Do plain create once the cause
// of the detached emails is fixed.
'default_email' => UserEmail::ensure($vars['email'])
@@ -247,7 +247,7 @@ class User extends UserModel {
$info = array(
'id' => $this->getId(),
- 'name' => (string) $this->getName(),
+ 'name' => Format::htmlchars($this->getName()),
'email' => (string) $this->getEmail(),
'phone' => (string) $this->getPhoneNumber());
diff --git a/include/staff/templates/users.tmpl.php b/include/staff/templates/users.tmpl.php
index 42ad7e6f1d1317df697f492cb7a9bb5a0949cfee..6bff557b2d4200105b9abab2d54ae68b4d6c90ae 100644
--- a/include/staff/templates/users.tmpl.php
+++ b/include/staff/templates/users.tmpl.php
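Review bot: The `false` added as the fourth argument of htmlentities on the new `:` branch turns off double-encoding, so an entity reference already present in `$var` (for example `&#106;avascript:`) is emitted unchanged, whereas the old call re-encoded its ampersand. That is harmless in element text, but a caller that drops the result into an href or src attribute gets the entity decoded back by the browser, so the contract should be stated next to the call: `// double_encode=false: input may already hold entities; text context only, not for URL attributes`. The opening of htmlencode, where `$flags` is assembled, lies outside the hunk, so whether ENT_QUOTES is part of the flag set cannot be checked here.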
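Review bot: `Format::sanitize($name, false)` on the `'name'` line changes what is stored rather than what is displayed, and the bare `false` gives no hint which behaviour is being switched off; since the commit's other hunk also encodes `getName()` on output, a reader cannot tell whether stored names are meant to be clean, escaped, or both. Either name the flag in a trailing comment, `'name' => Format::sanitize($name, false), // false: <state the flag's meaning>`, or drop the write-side sanitising and rely on output encoding alone. The name is the local part of `$vars['email']` split on `@`; whether that address was validated before this point is outside the hunk, as is the start of the enclosing method.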
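Review bot: Only `'name'` in the `$info` array is now HTML-encoded while `'email'` and `'phone'` on the following two lines remain raw `(string)` casts, so the array mixes encoded and unencoded fields. A consumer that escapes on output will double-encode the name (`&amp;lt;`), and one that echoes raw still emits the address and phone untouched; encoding belongs at the echo, or at minimum all three should be treated alike: `'email' => Format::htmlchars($this->getEmail()),` and `'phone' => Format::htmlchars($this->getPhoneNumber())`. The method that builds `$info` begins before the hunk, so its callers cannot be checked from here.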
@@ -97,7 +97,9 @@ if ($num) { ?> value="<?php echo $row['id']; ?>" <?php echo $sel?'checked="checked"':''; ?> > </td> <td> - <a class="userPreview" href="users.php?id=<?php echo $row['id']; ?>"><?php echo $name; ?></a> + <a class="userPreview" + href="users.php?id=<?php echo $row['id']; ?>"><?php + echo Format::htmlchars($name); ?></a> <?php if ($row['tickets']) @@ -105,7 +107,7 @@ if ($num) { ?> <small>(%d)</small>', $row['tickets']); ?> </td> - <td><?php echo $row['email']; ?></td> + <td><?php echo Format::htmlchars($row['email']); ?></td> <td><?php echo $status; ?></td> <td><?php echo Format::db_date($row['created']); ?></td> </tr> diff --git a/include/staff/ticket-view.inc.php b/include/staff/ticket-view.inc.php index a63df79ea83538377ed3c84512c1fddac1077807..bfef5605e76e51406a4ebf3ddb4d0a00c345c858 100644 --- a/include/staff/ticket-view.inc.php +++ b/include/staff/ticket-view.inc.php @@ -452,7 +452,9 @@ $tcount+= $ticket->getNumNotes(); <td> <?php # XXX: Add user-to-name and user-to-email HTML ID#s - $to =sprintf('%s <%s>', $ticket->getName(), $ticket->getReplyToEmail()); + $to =sprintf('%s <%s>', + Format::htmlchars($ticket->getName()), + $ticket->getReplyToEmail()); $emailReply = (!isset($info['emailreply']) || $info['emailreply']); ?> <select id="emailreply" name="emailreply"> diff --git a/include/staff/tickets.inc.php b/include/staff/tickets.inc.php index ce2728dd2adc70580a663146a02de4aa8e476920..83bb13f05b82e85023a936c8f9bfbd1efe56ad07 100644 --- a/include/staff/tickets.inc.php +++ b/include/staff/tickets.inc.php @@ -424,7 +424,8 @@ if ($results) { echo '<i class="icon-fixed-width icon-paperclip"></i> '; ?> </td> - <td nowrap> <?php echo Format::truncate($row['name'],22,strpos($row['name'],'@')); ?> </td> + <td nowrap> <?php echo Format::htmlchars( + Format::truncate($row['name'], 22, strpos($row['name'], '@'))); ?> </td> <?php if($search && !$status){ $displaystatus=ucfirst($row['status']); 
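Review bot: `$row['id']` is still interpolated unescaped into both the `value="…"` attribute and the rebuilt `href="users.php?id=…"` attribute, while only `$name` on the same anchor gained `Format::htmlchars`. The id presumably comes from the users query and is numeric, but nothing in the hunk enforces that; `(int) $row['id']` at both echo sites pins it regardless of what the query returns. The same pattern appears in the users.inc.php hunk of this commit. The surrounding `if ($num)` loop starts before the hunk.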
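Review bot: `<td><?php echo $status; ?></td>` directly below the newly encoded email cell still emits `$status` raw. `$status` is assigned outside the hunk, so it may well be one of a fixed set of labels, but if it is derived from a row value it needs the same treatment as the email: `<td><?php echo Format::htmlchars($status); ?></td>`.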
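Review bot: The new sprintf encodes only the name half of `$to`; `getReplyToEmail()` stays raw and the format string wraps it in literal `<` `>`, so `$to` is now a mix of HTML-encoded and unencoded text. If `$to` is echoed raw later the address is parsed as a tag and disappears, and if it is encoded at the echo the name comes out double-encoded. Build `$to` as plain text and encode once where it is printed, or encode the whole thing here: `$to = Format::htmlchars(sprintf('%s <%s>', $ticket->getName(), $ticket->getReplyToEmail()));`. Where `$to` is consumed is outside the hunk.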
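Review bot: Truncating before encoding is the right order, but if `Format::truncate` cuts on byte positions the 22-byte limit can split a multi-byte UTF-8 character, and htmlspecialchars-style encoding returns an empty string for an invalid sequence unless ENT_SUBSTITUTE is set, so the whole name cell would render blank. Neither `Format::truncate` nor the flags used by `Format::htmlchars` are visible here, so this should be checked against class.format.php; if truncate is byte-based, an `mb_substr`-based cut or ENT_SUBSTITUTE in htmlchars closes it. Pre-existing but on the same line, `strpos($row['name'], '@')` yields `false` when there is no `@` and that is passed straight through as the third argument.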
diff --git a/include/staff/users.inc.php b/include/staff/users.inc.php index 91362ae32c8b0bc0afb9d0af276587717ed6afd8..222cceb373b63686112e268ad3070ffed5ec74ce 100644 --- a/include/staff/users.inc.php +++ b/include/staff/users.inc.php @@ -139,7 +139,8 @@ else ?> <tr id="<?php echo $row['id']; ?>"> <td> - <a class="userPreview" href="users.php?id=<?php echo $row['id']; ?>"><?php echo $name; ?></a> + <a class="userPreview" href="users.php?id=<?php echo $row['id']; ?>"><?php + echo Format::htmlchars($name); ?></a> <?php if ($row['tickets']) diff --git a/scp/tickets.php b/scp/tickets.php index 16b9d4cde3518968d6fe70a1b345c83c539d5d37..1dda6f0fda890128e23211ff075b43ec7db493bf 100644 --- a/scp/tickets.php +++ b/scp/tickets.php @@ -357,7 +357,7 @@ if($_POST && !$errors): } elseif (!$_POST['user_id'] || !($user=User::lookup($_POST['user_id']))) { $errors['err'] = 'Unknown user selected!'; } elseif ($ticket->changeOwner($user)) { - $msg = 'Ticket ownership changed to '.$user->getName(); + $msg = 'Ticket ownership changed to ' . Format::htmlchars($user->getName()); } else { $errors['err'] = 'Unable to change tiket ownership. Try again'; }
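Review bot: `$row['id']` on the rebuilt anchor is still echoed unescaped into the `href` (and into the `<tr id="…">` attribute on the line above) while only `$name` was wrapped in `Format::htmlchars`. It is probably an integer column, but `(int) $row['id']` at the echo makes that explicit and independent of whatever the query returns. The enclosing loop starts before the hunk.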
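Review bot: Encoding `getName()` while building `$msg` assumes `$msg` is later echoed raw; if the flash message is escaped when rendered, the name will show up double-encoded (`&amp;lt;`). Whichever holds should be recorded at the assignment, e.g. `// $msg is emitted as HTML without further escaping`, since the rendering is outside the hunk. On the adjacent unchanged line, `'Unable to change tiket ownership…'` carries a typo (tiket).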