|
|
@@ -42,7 +42,7 @@
|
|
|
<a id="delete_link_<?=$i?>" class="data-controls do_delete" title="<?=_('delete');?>">
|
|
|
<i class="fas fa-trash status-icon red status-icon dim do_delete"></i>
|
|
|
<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
|
|
|
- <input type="hidden" name="delete_url" value="/delete/key/?user=<?=$_GET['user']?>&key=<?=$key?>&token=<?=$_SESSION['token']?>" />
|
|
|
+ <input type="hidden" name="delete_url" value="/delete/key/?user=<?=htmlentities($_GET['user']);?>&key=<?=$key?>&token=<?=$_SESSION['token']?>" />
|
|
|
<?php } else { ?>
|
|
|
<input type="hidden" name="delete_url" value="/delete/key/?key=<?=$key?>&token=<?=$_SESSION['token']?>" />
|
|
|
<?php } ?>
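Review bot: The `user` value on the added `delete_url` line is escaped for HTML only, although it sits inside a URL query string within the attribute. The browser decodes `&amp;` back to `&` when it reads the attribute, so a `user` value containing `&`, `#` or `=` can still add or override query parameters such as `key` in the delete URL. Percent-encode first, then HTML-escape with explicit flags: `<?=htmlspecialchars(rawurlencode($_GET['user']), ENT_QUOTES, 'UTF-8')?>`. `$key` is still echoed unescaped in both branches; its origin is outside the hunk, so if it can carry user-controlled characters it needs the same treatment. The surrounding template starts and ends outside the hunk.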
|