From 82fb0fadc7b57a7f5d4a17e1b8f27c108e2eeb64 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Tue, 23 Aug 2016 07:44:59 +0200
Subject: [PATCH] - fixed username display

---
 interface/web/sites/database_user_edit.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php
index 02ef7bfc18..1fec35c5f1 100644
--- a/interface/web/sites/database_user_edit.php
+++ b/interface/web/sites/database_user_edit.php
@@ -152,7 +152,7 @@ class page_action extends tform_actions {
 		//* Database username shall not be empty
 		if($this->dataRecord['database_user'] == '') $app->tform->errorMessage .= $app->tform->wordbook["database_user_error_empty"].'<br />';
 
-		if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', $dbuser_prefix . $this->dataRecord['database_user'], $app->tform->wordbook["database_user_error_len"]).'<br />';
+		if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', htmlentities($dbuser_prefix . $this->dataRecord['database_user'], ENT_QUOTES, 'UTF-8'), $app->tform->wordbook["database_user_error_len"]).'<br />';
 
 		//* Check database user against blacklist
 		$dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');
@@ -190,7 +190,7 @@ class page_action extends tform_actions {
 
 		$this->dataRecord['database_user_prefix'] = $dbuser_prefix;
 
-		if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', $dbuser_prefix . $this->dataRecord['database_user'], $app->tform->wordbook["database_user_error_len"]).'<br />';
+		if(strlen($dbuser_prefix . $this->dataRecord['database_user']) > 16) $app->tform->errorMessage .= str_replace('{user}', htmlentities($dbuser_prefix . $this->dataRecord['database_user'], ENT_QUOTES, 'UTF-8'), $app->tform->wordbook["database_user_error_len"]).'<br />';
 
 		//* Check database user against blacklist
 		$dbuser_blacklist = array($conf['db_user'], 'mysql', 'root');
-- 
GitLab