diff --git a/inc/plugins/ts3func.php b/inc/plugins/ts3func.php
index 92addf0..614f620 100644
--- a/inc/plugins/ts3func.php
+++ b/inc/plugins/ts3func.php
@@ -327,12 +327,12 @@ function ts3func_online()
{
if($first == false)
{
- $uzytkownicy .= ', '.$client['client_nickname'];
+ $uzytkownicy .= ', '.htmlspecialchars($client['client_nickname']);
$first = false;
}
else
{
- $uzytkownicy .= $client['client_nickname'];
+ $uzytkownicy .= htmlspecialchars($client['client_nickname']);
$first = false;
}
$ts3func_usersonline_users = $uzytkownicy;
@@ -413,9 +413,9 @@ function ts3func_profile()
$channelDesc = "";
if(!empty($channelInfo['data']['channel_topic']))
- $channelDesc = " (".$channelInfo['data']['channel_topic'].")";
+ $channelDesc = " (".htmlspecialchars($channelInfo['data']['channel_topic']).")";
- $client_channel = "![](\"inc/plugins/ts3func/images/".$channelIcon.".png\")
".$channelInfo['data']['channel_name'].$channelDesc;
+ $client_channel = "".htmlspecialchars($channelInfo['data']['channel_name']).$channelDesc;
$client_firstconnect = date('Y-m-d H:i', $profileInfo['data']['client_created']);
$client_lastconnect = date('Y-m-d H:i', $profileInfo['data']['client_lastconnected']);
diff --git a/tsonline.php b/tsonline.php
index 0589a04..2c416a0 100644
--- a/tsonline.php
+++ b/tsonline.php
@@ -49,15 +49,15 @@
$channelDesc = "";
if(!empty($channelInfo['channel_topic']))
- $channelDesc = " (".$channelInfo['channel_topic'].")";
+ $channelDesc = " (".htmlspecialchars($channelInfo['channel_topic']).")";
- $client_channel = "".$channelInfo['channel_name'].$channelDesc;
+ $client_channel = "".htmlspecialchars($channelInfo['channel_name']).$channelDesc;
$userlist .= '
|
- '.$info['client_nickname'].'
+ '.htmlspecialchars($info['client_nickname']).'
|
'.$client_connectiontime.' '.$lang->ts3func_minutes.'
|