From 256bd51e0f4b9a725fd51316b09505aac4151c35 Mon Sep 17 00:00:00 2001
From: Miraty <miraty+git@antopie.org>
Date: Wed, 14 Jun 2023 22:23:15 +0200
Subject: [PATCH] Fix display username decryption error handling

---
 router.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/router.php b/router.php
index 9109a4d..a977203 100644
--- a/router.php
+++ b/router.php
@@ -70,15 +70,15 @@ if (isset($_SESSION['id'])) {
 	// Decrypt display username
 	if (!isset($_COOKIE['display-username-decryption-key']))
 		output(403, 'The display username decryption key has not been sent.');
-	$decryption_result = htmlspecialchars(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
+	$decryption_result = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
 		$_SESSION['display-username-cyphertext'],
 		'',
 		$_SESSION['display-username-nonce'],
 		base64_decode($_COOKIE['display-username-decryption-key'])
-	));
+	);
 	if ($decryption_result === false)
 		output(403, 'Unable to decrypt display username.');
-	define('DISPLAY_USERNAME', $decryption_result);
+	define('DISPLAY_USERNAME', htmlspecialchars($decryption_result));
 
 	// Enable not already enabled services for this user
 	$user_services = array_filter(explode(',', query('select', 'users', ['id' => $_SESSION['id']], 'services')[0]));