More fixes for Trac#446: XSS vulnerabilities with vectors containing double quotes

SVN:trunk[1563]
2026-04-24 02:58:43 +02:00 · 2011-09-08 13:21:32 +00:00
parent 205e80f8a5
commit c4db9cd84e
17 changed files with 54 additions and 37 deletions
--- a/addons/userrights/userrightsprofile.class.inc.php
+++ b/addons/userrights/userrightsprofile.class.inc.php
@@ -265,7 +265,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 	
 	function DoShowGrantSumary($oPage)
 	{
-		if ($this->GetName() == "Administrator")
+		if ($this->GetRawName() == "Administrator")
 		{
 			// Looks dirty, but ok that's THE ONE
 			$oPage->p(Dict::S('UI:UserManagement:AdminProfile+'));
--- a/addons/userrights/userrightsprojection.class.inc.php
+++ b/addons/userrights/userrightsprojection.class.inc.php
@@ -97,7 +97,7 @@ class URP_Profiles extends UserRightsBaseClass
 	
 	function DoShowGrantSumary($oPage)
 	{
-		if ($this->GetName() == "Administrator")
+		if ($this->GetRawName() == "Administrator")
 		{
 			// Looks dirty, but ok that's THE ONE
 			$oPage->p(Dict::S('UI:UserManagement:AdminProfile+'));