diff --git a/customindex/views/default/customindex/content.php b/customindex/views/default/customindex/content.php index 996e3f08f9648636a43c09cfc54c0600eea857fe..15f826a6ef0df7daf83ad21c94caa7cacc267cdc 100644 --- a/customindex/views/default/customindex/content.php +++ b/customindex/views/default/customindex/content.php @@ -156,21 +156,22 @@ <?php $users = get_entities_from_metadata('icontime', '', 'user', '', 0, 8); //$users = get_entities('user', '', 0, '', 8, 0, false, 0, null); + if($users){ foreach($users as $user){ echo "<div class=\"member_icon\"><img onclick=\"window.openLocation('" . $user->longitude . "','" . $user->latitude . "','" . $user->username . "',"; if($user->profile_country) - echo "'" . $user->profile_country . " - " . $user->profile_city . ", " . $user->profile_state . "',"; + echo "'" . $user->profile_country . " - " . str_replace("'","\'",htmlentities($user->profile_city)) . ", " . $user->profile_state . "',"; else echo "'',"; - echo "'" . $user->name . "',"; + echo "'" . str_replace("'","\'",htmlentities($user->name)) . "',"; if($user->profile_attended_from != "Did Not Attend UNL" && $user->profile_attended_from != "" && $user->profile_attended_from != NULL) echo "'Attended UNL: " . $user->profile_attended_from . "-" . $user->profile_attended_to . "'"; else echo "''"; - echo ",'$user->map_explanation');return false;\" src=\"mod/profile/icon.php?username=" . $user->username . "&size=tiny\" /></div>"; + echo ",'". str_replace("'","\'",htmlentities($user->map_explanation))."');return false;\" src=\"mod/profile/icon.php?username=" . $user->username . "&size=tiny\" /></div>"; } - } + } ?> </div>
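Review bot: The three patched values are still not safely encoded for a JavaScript string inside an HTML attribute, and the other fields echoed into the same `onclick` are left raw. `str_replace("'","\'",htmlentities(...))` does not escape backslashes or newlines, so a `profile_city`, `name` or `map_explanation` containing a backslash can still end the string early. If `htmlentities()` runs with `ENT_QUOTES` (the default on newer PHP; the version is not visible in this hunk), quotes become entities that the browser decodes back to `'` before the script is parsed, so the `str_replace` never sees them. `$user->profile_country`, `$user->profile_state`, `$user->profile_attended_from`, `$user->profile_attended_to`, `$user->username`, `$user->longitude` and `$user->latitude` go into the same handler with no encoding at all. Encode every argument for both layers, JavaScript string first and HTML attribute second, e.g. `htmlspecialchars(json_encode((string) $user->name), ENT_QUOTES, 'UTF-8')` with the hand-written surrounding `'` removed, and use `urlencode($user->username)` in the `src` URL.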