From 07f8f1df4eabe196b3793d4be47b7ead3e4522d1 Mon Sep 17 00:00:00 2001
From: iliajie <gpg@ilia.engineer>
Date: Mon, 15 May 2023 20:03:53 +0300
Subject: [PATCH] Fix HTML and quote escapes for user and group choosers

---
 group_chooser.cgi | 8 ++++----
 user_chooser.cgi  | 7 +++----
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/group_chooser.cgi b/group_chooser.cgi
index b9f34acac..7a27c8137 100755
--- a/group_chooser.cgi
+++ b/group_chooser.cgi
@@ -80,8 +80,8 @@ if ($in{'multi'}) {
 			if ($in{'group'} eq $u->[0]) { print "<tr class='filter_match' $cb>\n"; }
 			else { print "<tr class='filter_match'>\n"; }
 			$u->[0] =~ s/\\/\\\\/g;
-			print "<td width=20%><a href=\"\" onClick='return addgroup(\"$u->[0]\", \"$u->[3]\")'>$u->[0]</a></td>\n";
-			print "<td>$u->[3]</td> </tr>\n";
+			print "<td width=20%><a href=\"\" onClick='return addgroup(\"@{[&quote_escape($u->[0], \"'\")]}\", \"@{[&quote_escape($u->[3], \"'\")]}\")'>@{[&html_escape($u->[0])]}</a></td>\n";
+			print "<td>@{[&html_escape($u->[3])]}</td> </tr>\n";
 			$cnt++;
 			}
 		print "</table>\n";
@@ -172,8 +172,8 @@ else {
 	foreach $u (&get_groups_list()) {
 		if ($in{'group'} eq $u->[0]) { print "<tr class='filter_match' $cb>\n"; }
 		else { print "<tr class='filter_match'>\n"; }
-		print "<td width=20%><a href=\"\" onClick='return select(\"$u->[0]\")'>$u->[0]</a></td>\n";
-		print "<td>$u->[3]</td> </tr>\n";
+		print "<td width=20%><a href=\"\" onClick='return select(\"@{[&quote_escape($u->[0], \"'\")]}\")'>@{[&html_escape($u->[0])]}</a></td>\n";
+		print "<td>@{[&html_escape($u->[3])]}</td> </tr>\n";
 		$cnt++;
 		}
 	print "</table>\n";
diff --git a/user_chooser.cgi b/user_chooser.cgi
index 8872a031f..5204c8df9 100755
--- a/user_chooser.cgi
+++ b/user_chooser.cgi
@@ -70,9 +70,8 @@ if ($in{'multi'}) {
 		foreach $u (&get_users_list()) {
 			if ($in{'user'} eq $u->[0]) { print "<tr class='filter_match' $cb>\n"; }
 			else { print "<tr class='filter_match'>\n"; }
-			$u->[6] =~ s/'/&#39;/g;
 			$u->[0] =~ s/\\/\\\\/g;
-			print "<td width=20%><a href=\"\" onClick='return adduser(\"$u->[0]\", \"$u->[6]\")'>$u->[0]</a></td>\n";
+			print "<td width=20%><a href=\"\" onClick='return adduser(\"@{[&quote_escape($u->[0], \"'\")]}\", \"@{[&quote_escape($u->[6], \"'\")]}\")'>@{[&html_escape($u->[0])]}</a></td>\n";
 			print "<td>",&html_escape($u->[6]),"</td> </tr>\n";
             		$cnt++;
 			}
@@ -163,8 +162,8 @@ else {
 	foreach $u (&get_users_list()) {
 		if ($in{'user'} eq $u->[0]) { print "<tr class='filter_match' $cb>\n"; }
 		else { print "<tr class='filter_match'>\n"; }
-		print "<td width=20%><a href=\"\" onClick='return select(\"$u->[0]\")'>$u->[0]</a></td>\n";
-		print "<td>$u->[6]</td> </tr>\n";
+		print "<td width=20%><a href=\"\" onClick='return select(\"@{[&quote_escape($u->[0], \"'\")]}\")'>@{[&html_escape($u->[0])]}</a></td>\n";
+		print "<td>@{[&html_escape($u->[6])]}</td> </tr>\n";
         	$cnt++;
 		}
 	print "</table>\n";