while (list($undef, $row) = each($res)) {
$tr_bgcolor = '';
- $email = AddressBook::full_address($row);
+ $email = htmlspecialchars(addcslashes(AddressBook::full_address($row), "'"), ENT_QUOTES);
if ($line % 2) { $tr_bgcolor = $color[0]; }
echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) .
html_tag( 'td',
'<a href="javascript:bcc_address(' .
"'" . $email . "');\">Bcc</A></small>",
'center', '', 'valign="top" width="5%" nowrap' ) .
- html_tag( 'td', ' ' . $row['name'], 'left', '', 'valign="top" nowrap' ) .
+ html_tag( 'td', ' ' . htmlspecialchars($row['name']), 'left', '', 'valign="top" nowrap' ) .
html_tag( 'td', ' ' .
'<a href="javascript:to_and_close(' .
- "'" . $email . "');\">" . $row['email'] . '</A>'
+ "'" . $email . "');\">" . htmlspecialchars($row['email']) . '</A>'
, 'left', '', 'valign="top"' ) .
- html_tag( 'td', $row['label'], 'left', '', 'valign="top" nowrap' );
+ html_tag( 'td', htmlspecialchars($row['label']), 'left', '', 'valign="top" nowrap' );
if ($includesource) {
echo html_tag( 'td', ' ' . $row['source'], 'left', '', 'valign="top" nowrap' );
}