From 35d9cf9e2516fe2e5049a485b221a2fe0da6549b Mon Sep 17 00:00:00 2001
From: james <james>
Date: Tue, 25 Jan 2005 19:20:13 +0000
Subject: [PATCH] escape the name save the password

---
 admin/committees.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/admin/committees.php b/admin/committees.php
index 6a64558..f0f0e35 100644
--- a/admin/committees.php
+++ b/admin/committees.php
@@ -172,6 +172,7 @@ if($_POST['save'])
 	if($_POST['access_super']=="Y") $a_super='Y'; else $a_super='N';
 	mysql_query("UPDATE committees_members SET ".
 		"name='".$_POST['name']."', ".
+		"password='".$_POST['password']."', ".
 		"organization='".$_POST['organization']."', ".
 		"email='".$_POST['email']."', ".
 		"emailprivate='".$_POST['emailprivate']."', ".
@@ -240,7 +241,7 @@ if($_GET['edit'] || $edit)
 
 	echo "<table>";
 
-	echo "<tr><td>".i18n("Name").":</td><td><input size=\"25\" type=\"text\" name=\"name\" value=\"$r->name\" /></td></tr>";
+	echo "<tr><td>".i18n("Name").":</td><td><input size=\"25\" type=\"text\" name=\"name\" value=\"".htmlspecialchars($r->name)."\" /></td></tr>";
 	echo "<tr><td>".i18n("Password").":</td><td><input size=\"15\" type=\"text\" name=\"password\" value=\"$r->password\" /></td></tr>";
 
 	$cq=mysql_query("SELECT committees.name, committees.id, committees_link.title, committees_link.ord FROM committees,committees_link WHERE committees_link.committees_id=committees.id AND committees_link.committees_members_id='$e' ORDER BY committees.name");

".i18n("Name").":	name\" />
".i18n("Name").":	name)."\" />
".i18n("Password").":	password\" />