From 3c5815bf7693d5a350f9287268ed16057f0e1ec6 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com>
Date: Sat, 18 Feb 2017 21:45:52 +0000
Subject: [PATCH] Prevent users from including attacks in their names.

---
 core.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core.php b/core.php
index 3a032c2..6a8148a 100644
--- a/core.php
+++ b/core.php
@@ -1129,7 +1129,7 @@ class page_renderer
 		$result = "";
 		if(in_array($name, $settings->admins))
 			$result .= $settings->admindisplaychar;
-		$result .= "<a href='?page=" . rawurlencode(get_user_pagename($name)) . "'>$name</a>";
+		$result .= "<a href='?page=" . rawurlencode(get_user_pagename($name)) . "'>" . htmlentities($name) . "</a>";
 
 		return $result;
 	}