From 722fbae7c06dd321e328ab83c4041efe4c96aa63 Mon Sep 17 00:00:00 2001
From: Graham Eames
Date: Thu, 26 Jan 2006 20:36:54 +0000
Subject: [PATCH] Escape the group name to prevent a few common support issues NB: We still allow HTML in group names because some administrators use it (this is designed behaviour)
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5495 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/admin/admin_groups.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/phpBB/admin/admin_groups.php b/phpBB/admin/admin_groups.php
index 2b125e2f2d..1074475afb 100644
--- a/phpBB/admin/admin_groups.php
+++ b/phpBB/admin/admin_groups.php
@@ -250,7 +250,7 @@ else if ( isset($HTTP_POST_VARS['group_update']) )
 else
 {
 $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
- $group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
+ $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
 $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
 $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
 $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
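Review bot: On the changed `$group_name` line, `htmlspecialchars()` runs with its default flags, which on PHP versions before 8.1 leave single quotes unescaped, so the stored value is only safe in element text and double-quoted attributes; `htmlspecialchars(trim($HTTP_POST_VARS['group_name']), ENT_QUOTES)` covers both quote styles. The neighbouring `$group_description` is still only trimmed and `$group_moderator` is read from POST unchanged, so if either is echoed into a page it would keep the markup-injection exposure this commit closes for the name; how the three values are rendered and how they reach the SQL layer is outside the hunk. Because the escaping happens on input, an existing name may be re-encoded on each edit (`&amp;` becoming `&amp;amp;`) unless the edit form decodes it first, which is worth confirming. The commit message says HTML in group names stays allowed while the new line encodes it, so a comment such as `// group name is stored HTML-encoded; do not escape again on output` would record the intended contract. The enclosing `else` branch starts before and continues past the hunk.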