diff --git a/core/users/users.php b/core/users/users.php
index 61cc48be7f..4bf8b581ee 100644
--- a/core/users/users.php
+++ b/core/users/users.php
@@ -114,7 +114,7 @@
 }
 unset ($prep_statement, $result, $sql);
 $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
- $param = "search=".$search_value;
+ $param = "search=".escape($search_value);
 if (permission_exists('user_all') && $_GET['show'] == 'all') {
 $param .= "&show=all";
 }
@@ -161,7 +161,7 @@
 if (permission_exists('user_import')) {
 echo "\n";
 }
- echo "";
+ echo "";
 echo "";
 echo "";
 echo "\n";
@@ -199,27 +199,27 @@
 echo "\n";
 echo "\n";
- if ($user_count > 0) {
+ if (is_array($users)) {
 foreach($users as $row) {
 if (if_superadmin($superadmins, $row['user_uuid']) && !if_group("superadmin")) {
 //hide
 } else {
- $tr_link = (permission_exists('user_edit')) ? "href='user_edit.php?id=".$row['user_uuid']."'" : null;
+ $tr_link = (permission_exists('user_edit')) ? "href='user_edit.php?id=".escape($row['user_uuid'])."'" : null;
 echo "
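Review bot: In the first hunk (`@@ -114,7 +114,7 @@`) of core/users/users.php, `$param` is a URL query-string fragment, so the search value needs URL encoding there rather than HTML escaping. Assuming `escape()` is the project's HTML-entity helper (its definition is not in this diff), characters such as `&`, `=`, `#` and `+` in the search term are not percent-encoded, and an entity-encoded `&amp;` is decoded back to `&` by the browser inside an href, so the term can still add or override parameters such as `show`. I would build it as `$param = "search=".urlencode($search_value);` and HTML-escape the complete URL at the point where `$param` is written into markup, which is outside this hunk.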