diff --git a/lam/templates/lists/deletelink.php b/lam/templates/lists/deletelink.php
index a33d4390..505b184a 100644
--- a/lam/templates/lists/deletelink.php
+++ b/lam/templates/lists/deletelink.php
@@ -55,7 +55,7 @@ if (isset($dn) && isset($type)) {
 $dn = str_replace("'", '',$dn);
 $_SESSION['delete_dn'] = array($dn);
 // redirect to delete.php
- metaRefresh("../delete.php?type=" . $type);
+ metaRefresh("../delete.php?type=" . htmlspecialchars($type));
 } else {
diff --git a/lam/templates/lists/userlink.php b/lam/templates/lists/userlink.php
index c960369e..043053fc 100644
--- a/lam/templates/lists/userlink.php
+++ b/lam/templates/lists/userlink.php
@@ -58,7 +58,7 @@ if ($dn) {
 else {
 // print error message if user was not found
 include '../main_header.php';
- StatusMessage("ERROR", "", _("This user was not found!") . " (" . $user . ")");
+ StatusMessage("ERROR", "", _("This user was not found!") . " (" . htmlspecialchars($user) . ")");
 echo "
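Review bot: In deletelink.php the new `metaRefresh("../delete.php?type=" . htmlspecialchars($type))` applies HTML escaping to a value that sits in a URL query string, which is a different context: `htmlspecialchars` does not percent-encode, so a `$type` containing `&`, `=` or `#` still changes the structure of the redirect URL once the browser has decoded the entities, and with the default flags on PHP before 8.1 a single quote is left as is. I would encode for the URL at this call, `metaRefresh("../delete.php?type=" . rawurlencode($type));`, and HTML-escape the finished URL at the point where it is written into the page, presumably inside `metaRefresh`, whose body is not visible in this diff. If `$type` can only be one of a fixed set of account types, checking it against that set before the redirect would be stronger than any encoding. The `if (isset($dn) && isset($type))` block starts above the hunk and the `else` branch continues below it.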
";
 echo "";
 include '../main_footer.php';
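Review bot: `htmlspecialchars($user)` in the `StatusMessage` call in userlink.php relies on the default flags and charset, which differ between PHP versions: before 8.1 single quotes are not escaped, and before 5.4 the default charset is ISO-8859-1. Passing them explicitly keeps the escaping independent of the runtime, for example `htmlspecialchars($user, ENT_QUOTES, 'UTF-8')`, assuming the pages are served as UTF-8. It is also worth confirming that `StatusMessage` does not escape its arguments itself, since its definition is outside this diff and the value would then be double-encoded. The `else` block continues past the end of the hunk.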