Avoid XSS silliness in the calendar plugin

[squirrelmail.git] / plugins / calendar / event_create.php

diff --git a/plugins/calendar/event_create.php b/plugins/calendar/event_create.php
index 5ce78fb7db2ca5de1eb3bfb2f99dfd77b3991e89..8cf9b06cccd47187a6db9d40af40436929fa41d5 100644 (file)
--- a/plugins/calendar/event_create.php
+++ b/plugins/calendar/event_create.php
@@ -3,7 +3,7 @@
 /**
  * event_create.php
  *
- * Copyright (c) 2002 The SquirrelMail Project Team
+ * Copyright (c) 2002-2003 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * Originally contrubuted by Michal Szczotka <michal@tuxy.org>
@@ -186,11 +186,11 @@ if(!isset($event_text)){
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $event_title, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', htmlentities($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $event_text, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', htmlentities($event_text,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td',