-rw-r--r--application/controllers/user.php5
-rw-r--r--application/views/user/apikeys.php2
2 files changed, 3 insertions, 4 deletions
diff --git a/application/controllers/user.php b/application/controllers/user.php
index f1dbe5c31..27e027ac7 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -92,9 +92,8 @@ class User extends CI_Controller {
$comment = $this->input->post("comment");
- if (strlen($comment) > 255 || !preg_match("/^[a-zA-Z0-9 -@,]*$/", $comment)) {
- // display better error for
- show_error("Comment invalid. Only 255 chars of a-zA-Z0-9, @, -, space and comma allowed");
+ if (strlen($comment) > 255) {
+ show_error("Comment may only be 255 chars long.");
}
$key = random_alphanum(32);
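Review bot: With the character check removed, `$comment` is stored as free-form user text and the only remaining server-side limit is `strlen($comment) > 255`, which counts bytes rather than the "chars" named in the new error message. Output escaping is now the sole defence, so every other place that renders or returns the comment (none are visible in this diff) needs the same treatment as the apikeys view. If the limit is meant in characters and the data is UTF-8, `mb_strlen($comment, 'UTF-8') > 255` would match the message; otherwise the message should say bytes. A comment above the check such as `// free-form user text: must be escaped at every output site` would record that contract. The enclosing method starts and ends outside the hunk.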
diff --git a/application/views/user/apikeys.php b/application/views/user/apikeys.php
index 14d829ffa..aa268d678 100644
--- a/application/views/user/apikeys.php
+++ b/application/views/user/apikeys.php
@@ -15,7 +15,7 @@
<tr>
<td><?php echo $i++; ?></td>
<td><?php echo $item["key"]; ?></td>
- <td><?php echo $item["comment"]; ?></td>
+ <td><?php echo htmlentities($item["comment"]); ?></td>
<td><?php echo date("Y/m/d H:i", $item["created"]); ?></td>
<td>
<?php echo form_open("user/delete_apikey", array("style" => "margin-bottom: 0")); ?>
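Review bot: `htmlentities($item["comment"])` on the added line relies on the default flags and charset, which on older PHP versions means ISO-8859-1 and no escaping of single quotes. Passing them explicitly, as in `htmlspecialchars($item["comment"], ENT_QUOTES, 'UTF-8')`, keeps multi-byte comments intact and stays safe if the value is later moved into an attribute. Rows written before this commit can already contain `<`, `>` and quotes, because ` -@` in the removed pattern was a character range, so the escaping matters for existing data as well as new input. `$item["key"]` on the line above is still echoed raw; that looks safe only as long as keys always come from `random_alphanum()`, which is worth confirming.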