From 272a2812c1458d1872eac0262c6419bc2076bb66 Mon Sep 17 00:00:00 2001
From: Kevin Roast <kevin.roast@alfresco.com>
Date: Tue, 23 Jun 2009 07:33:53 +0000
Subject: [PATCH] Fix for ALFCOM-2995 - XSS encoding missing in JSF client
 Create User wizard summary page.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14840 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../org/alfresco/web/bean/users/CreateUserWizard.java     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/source/java/org/alfresco/web/bean/users/CreateUserWizard.java b/source/java/org/alfresco/web/bean/users/CreateUserWizard.java
index 7c1b9aff88..aece8efe84 100644
--- a/source/java/org/alfresco/web/bean/users/CreateUserWizard.java
+++ b/source/java/org/alfresco/web/bean/users/CreateUserWizard.java
@@ -332,11 +332,11 @@ public class CreateUserWizard extends BaseWizardBean
                     bundle.getString("user_jobtitle"), bundle.getString("user_location"),
                     bundle.getString("presence_username"), bundle.getString("quota")},
                 new String[] {
-                    this.firstName + " " + this.lastName, this.userName,
+                    Utils.encode(this.firstName + " " + this.lastName), this.userName,
                     "********", homeSpaceLabel,
-                    this.email, this.organisation,
-                    this.jobtitle, this.location,
-                    presenceLabel, quotaLabel});
+                    Utils.encode(this.email), Utils.encode(this.organisation),
+                    Utils.encode(this.jobtitle), Utils.encode(this.location),
+                    Utils.encode(presenceLabel), quotaLabel});
     }
     
     /**