diff options
Diffstat (limited to 'settings/templates/personal.php')
| -rw-r--r-- | settings/templates/personal.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/settings/templates/personal.php b/settings/templates/personal.php index b3a26acdb69..cc04de5ec38 100644 --- a/settings/templates/personal.php +++ b/settings/templates/personal.php @@ -13,7 +13,7 @@ if (isset($form['anchor'])) { $anchor = '#' . $form['anchor']; $sectionName = $form['section-name']; - print_unescaped("<li><a href='$anchor'>$sectionName</a></li>"); + print_unescaped(sprintf("<li><a href='%s'>%s</a></li>", OC_Util::sanitizeHTML($anchor), OC_Util::sanitizeHTML($sectionName))); } }?> </ul> @@ -165,7 +165,7 @@ if($_['passwordChangeSupported']) { <?php foreach($_['forms'] as $form) { if (isset($form['form'])) {?> - <div id="<?php isset($form['anchor']) ? print_unescaped($form['anchor']) : p('');?>"><?php print_unescaped($form['form']);?></div> + <div id="<?php isset($form['anchor']) ? p($form['anchor']) : p('');?>"><?php print_unescaped($form['form']);?></div> <?php } };?> |