From f3f9bd40d62daad1ada4ddbe318a952578286ba0 Mon Sep 17 00:00:00 2001
From: Brett Bieber <brett.bieber@gmail.com>
Date: Tue, 16 Feb 2010 16:33:04 +0000
Subject: [PATCH] Escape the name when we display it on the custom profile
 page.

---
 plugins/flexprofile_mj/views/default/profile/userdetails.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/flexprofile_mj/views/default/profile/userdetails.php b/plugins/flexprofile_mj/views/default/profile/userdetails.php
index f840b848..69d5854e 100755
--- a/plugins/flexprofile_mj/views/default/profile/userdetails.php
+++ b/plugins/flexprofile_mj/views/default/profile/userdetails.php
@@ -111,12 +111,12 @@ END;
 		$rel = 'friend';
 		
 	// display the users name
-	$body .= "<h2><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . $vars['entity']->name . "</a></h2>";
+	$body .= "<h2><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . htmlentities($vars['entity']->name) . "</a></h2>";
 
 	//insert a view that can be extended
 	$body .= elgg_view("profile/status", array("entity" => $vars['entity']));
 	// display the users name
-	//$body .= "<h2><a href=\"" . $vars['entity']->getUrl() . "\">" . $vars['entity']->name . "</a></h2>";
+	//$body .= "<h2><a href=\"" . $vars['entity']->getUrl() . "\">" . htmlentities($vars['entity']->name) . "</a></h2>";
 
 	if ($vars['full'] == true) {
 		if ($form) {
-- 
GitLab