SpecialActiveUsers: escape group names

Change-Id: I1a4d1501b8481d9f670916818fe7f75e983c2800

diff --git a/includes/specials/SpecialActiveusers.php b/includes/specials/SpecialActiveusers.php
index 7e29be0..a01e9b2 100644 (file)
--- a/includes/specials/SpecialActiveusers.php
+++ b/includes/specials/SpecialActiveusers.php
@@ -86,7 +86,7 @@ class SpecialActiveUsers extends SpecialPage {
                $groups = User::getAllGroups();
 
                foreach ( $groups as $group ) {
-                       $msg = User::getGroupName( $group );
+                       $msg = htmlspecialchars( User::getGroupName( $group ) );
                        $options[$msg] = $group;
                }