From 3484997240716e83ff2ee79584006a800d159f58 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Sun, 18 Mar 2012 18:31:36 +0000
Subject: [PATCH] additional checks
---
 lam/templates/lists/deletelink.php | 2 +-
 lam/templates/lists/userlink.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lam/templates/lists/deletelink.php b/lam/templates/lists/deletelink.php
index a33d4390..505b184a 100644
--- a/lam/templates/lists/deletelink.php
+++ b/lam/templates/lists/deletelink.php
@@ -55,7 +55,7 @@ if (isset($dn) && isset($type)) {
 $dn = str_replace("'", '',$dn);
 $_SESSION['delete_dn'] = array($dn);
 // redirect to delete.php
- metaRefresh("../delete.php?type=" . $type);
+ metaRefresh("../delete.php?type=" . htmlspecialchars($type));
 }
 else {
diff --git a/lam/templates/lists/userlink.php b/lam/templates/lists/userlink.php
index c960369e..043053fc 100644
--- a/lam/templates/lists/userlink.php
+++ b/lam/templates/lists/userlink.php
@@ -58,7 +58,7 @@ if ($dn) {
 else {
 // print error message if user was not found
 include '../main_header.php';
- StatusMessage("ERROR", "", _("This user was not found!") . " (" . $user . ")");
+ StatusMessage("ERROR", "", _("This user was not found!") . " (" . htmlspecialchars($user) . ")");
 echo "
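Review bot: In deletelink.php, `htmlspecialchars($type)` escapes for HTML, but in the `metaRefresh` call `$type` is being placed into a URL query string, so characters such as `&`, `#` or a space can still change the URL that delete.php receives. The only check on `$type` visible in the hunk is `isset($type)`; it would be safer to compare it against the list of known account types before use and to encode it for the URL, for example `metaRefresh("../delete.php?type=" . urlencode($type));`. How metaRefresh embeds the URL in the page is not visible here, so confirm which escaping that sink needs. The enclosing `if` block starts above the hunk.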

 

"; echo "

" . _("Back to group list") . "

"; include '../main_footer.php';
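Review bot: In userlink.php the new `htmlspecialchars($user)` call relies on the default flags and charset, which depend on the PHP version. Passing them explicitly, as in `htmlspecialchars($user, ENT_QUOTES, 'UTF-8')` with the charset the page is actually served in, keeps the escaping stable and also covers single quotes. Whether StatusMessage escapes its arguments itself is not visible in this hunk, so it is worth confirming that the text is not encoded twice and that other callers passing request data are escaped as well. The `else` block closes outside the hunk.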