Properly escape user name in error message

bhaak · bhaak · commit bfcd7be748b4 · 2025-06-01T11:23:49.000+02:00
Thanks Demo!
diff --git a/lib/junethack/sinatra_server.rb b/lib/junethack/sinatra_server.rb
@@ -274,7 +274,7 @@ def caching_check_application_start_time
             redirect "/login" and return
         else
             session['errors'] << "Could not register account"
-            puts "could not register user #{params[:username]}"
+            puts "Could not register user #{params[:username]}"
             redirect "/register" and return
         end
     rescue
@@ -302,7 +302,7 @@ def caching_check_application_start_time
 
         haml :user, :layout => @layout
     else
-        session['errors'] << "Could not find user #{params[:name]}"
+        session['errors'] << "Could not find user #{CGI::escape(params[:name])}"
     end
 end
 
