diff --git a/bans.php b/bans.php
index 6c33a4c..1f4ffdc 100644
--- a/bans.php
+++ b/bans.php
@@ -68,14 +68,14 @@ function getBanlist() {
 $user = censorIP((string)$ban['ip']);
 if (!empty($ban['lastnickname']))
- $user = htmlentities((string)$ban['lastnickname']);
+ $user = htmlspecialchars((string)$ban['lastnickname']);
 if (empty($user)) $user = "Unknown";
- $reason = htmlentities((string)$ban['reason']);
- $invokername = htmlentities((string)$ban['invokername']);
+ $reason = htmlspecialchars((string)$ban['reason']);
+ $invokername = htmlspecialchars((string)$ban['invokername']);
 $duration = $ban['duration'];
 $createdepoch = $ban['created'];
 $expiresepoch = $ban['created'] + $duration;
diff --git a/include/adminlist.php b/include/adminlist.php
index ebf2faf..3c7d882 100644
--- a/include/adminlist.php
+++ b/include/adminlist.php
@@ -63,11 +63,11 @@ function getAdminList() {
 if($user["client_type"]) continue;
 if (!$user) {
- $offlineClients[] = '
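Review bot: The three `htmlspecialchars()` calls added in the bans.php hunk (lastnickname, reason, invokername) rely on the default flags and charset, which differ between PHP versions: before PHP 8.1 the default is `ENT_COMPAT`, so single quotes stay unescaped, and without `ENT_SUBSTITUTE` a value containing an invalid byte sequence is returned as an empty string. Nickname and reason are presumably user-supplied, and the place where these variables are echoed is not visible here, so whether a single-quoted attribute context exists cannot be confirmed from the hunk. I would pin the behaviour explicitly, e.g. `$reason = htmlspecialchars((string)$ban['reason'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and do the same for the other two calls here and for both calls in include/adminlist.php. getBanlist() starts and ends outside this hunk.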
' . htmlentities($userInfo['client_nickname']) . '' . translate($lang["adminlist"]["status"]["offline"]) . '
'; + $offlineClients[] = '' . htmlspecialchars($userInfo['client_nickname']) . '' . translate($lang["adminlist"]["status"]["offline"]) . '
'; continue; } - $onlineClients[] = '' . '' . htmlentities($user) . '' . ($user['client_away'] ? '' . translate($lang["adminlist"]["status"]["away"]) . '' : '' . translate($lang["adminlist"]["status"]["online"]) . '') . '
'; + $onlineClients[] = '' . '' . htmlspecialchars($user) . '' . ($user['client_away'] ? '' . translate($lang["adminlist"]["status"]["away"]) . '' : '' . translate($lang["adminlist"]["status"]["online"]) . '') . '
'; } foreach (array_merge($onlineClients, $offlineClients) as $str)
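Review bot: `htmlspecialchars($user)` on the `$onlineClients[]` line is given the same `$user` that the surrounding lines index like an array (`$user["client_type"]`, `$user['client_away']`), so it only produces a nickname if `$user` is an object with `__toString()`; with a plain array PHP 8 throws a TypeError and older versions return null with a warning. The offline branch escapes `$userInfo['client_nickname']` explicitly, and the online branch would be clearer and safer doing the same, e.g. `htmlspecialchars((string)$user['client_nickname'])`; the key name is inferred from the offline branch and should be confirmed where `$user` is assigned, which is outside this hunk. The markup inside the string literals appears to have been stripped from this page, so the HTML context the escaped value lands in cannot be checked here. getAdminList() continues beyond the hunk.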