Avoid XSS silliness in the calendar plugin

[squirrelmail.git] / plugins / calendar / event_create.php

diff --git a/plugins/calendar/event_create.php b/plugins/calendar/event_create.php
index 62cd0e78c4ac5ed51ceddd34215c281ec97d168e..8cf9b06cccd47187a6db9d40af40436929fa41d5 100644 (file)
--- a/plugins/calendar/event_create.php
+++ b/plugins/calendar/event_create.php
@@ -186,11 +186,11 @@ if(!isset($event_text)){
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $event_title, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', htmlentities($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
-                    html_tag( 'td', $event_text, 'left', $color[4] ) . "\n"
+                    html_tag( 'td', htmlentities($event_text,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
                 ) .
                 html_tag( 'tr',
                     html_tag( 'td',