Escape the user display name in the backend section

2023-04-15 14:03:28 +02:00 · 2023-04-15 14:03:28 +02:00 · bddc5cbeb7
parent 2255c84778
commit bddc5cbeb7
1 changed files with 1 additions and 1 deletions
--- a/application/views/components/backend_header.php
+++ b/application/views/components/backend_header.php
@ -86,7 +86,7 @@
                <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown"
                   data-tippy-content="<?= lang('settings_hint') ?>">
                    <i class="fas fa-user me-2"></i>
-                    <?= vars('user_display_name') ?>
+                    <?= e(vars('user_display_name')) ?>
                </a>
                <div class="dropdown-menu dropdown-menu-end">
                    <?php if (can('view', PRIV_SYSTEM_SETTINGS)): ?>