Initial Post list

exam/classes/Models/User/User.php

@@ -188,7 +188,7 @@ class User implements JsonSerializable
         egb_benutzer(benutzer, passwort, email, confirmationcode)
       VALUES(:USR, :PAS, :EMA, :COD)"
     );
-    $stmt->bindValue(":USR", $username);
+    $stmt->bindValue(":USR", htmlspecialchars($username));
     $stmt->bindValue(":PAS", password_hash($password, PASSWORD_DEFAULT));
     $stmt->bindValue(":EMA", $email);
     $stmt->bindValue(":COD", $guid);
@@ -277,7 +277,7 @@ class User implements JsonSerializable
     $failed = [];
     if (!empty($username)) {
       $stmt = $db->prepare("UPDATE egb_benutzer SET benutzer = :USR WHERE id = :ID");
-      $stmt->bindValue(":USR", $username);
+      $stmt->bindValue(":USR", htmlspecialchars($username));
       $stmt->bindValue(":ID", $this->id);
       try {
         if (!$stmt->execute()) array_push($failed, "username");
@@ -378,7 +378,7 @@ class User implements JsonSerializable
       'id' => $this->id,
       'username' => $this->username,
       'status' => $this->status,
-      'email' => $this->email,
+      'email' => htmlspecialchars($this->email),
       'image' => $this->image,
       'isAdmin' => $this->isAdmin,
       'memberSince' => $this->memberSince,