X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Faddrbook_search.php;h=f6d637486f76bcf4299bc2378aaae4629149fcde;hb=4f664925c839b9a9f58e4699718a1254ba35a8d7;hp=0f9b4bacb13698968250e807545f04223f9d3eec;hpb=ac987a56a67a53a01b7db77a02fdd9c9241b4549;p=squirrelmail.git
diff --git a/src/addrbook_search.php b/src/addrbook_search.php
index 0f9b4bac..f6d63748 100644
--- a/src/addrbook_search.php
+++ b/src/addrbook_search.php
@@ -15,9 +15,13 @@
* $Id$
*/
-require_once('../src/validate.php');
-require_once('../functions/strings.php');
-require_once('../functions/html.php');
+/* Path for SquirrelMail required files. */
+define('SM_PATH','../');
+
+/* SquirrelMail required files. */
+require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/strings.php');
+require_once(SM_PATH . 'functions/html.php');
/* Function to include JavaScript code */
function insert_javascript() {
@@ -108,22 +112,23 @@ function display_result($res, $includesource = true) {
while (list($undef, $row) = each($res)) {
$tr_bgcolor = '';
+ $email = htmlspecialchars(addcslashes(AddressBook::full_address($row), "'"), ENT_QUOTES);
if ($line % 2) { $tr_bgcolor = $color[0]; }
echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) .
html_tag( 'td',
'To | " .
+ "'" . $email . "');\">To | " .
'Cc | " .
+ "'" . $email . "');\">Cc | " .
'Bcc",
+ "'" . $email . "');\">Bcc",
'center', '', 'valign="top" width="5%" nowrap' ) .
- html_tag( 'td', ' ' . $row['name'], 'left', '', 'valign="top" nowrap' ) .
+ html_tag( 'td', ' ' . htmlspecialchars($row['name']), 'left', '', 'valign="top" nowrap' ) .
html_tag( 'td', ' ' .
'" . $row['email'] . ''
+ "'" . $email . "');\">" . htmlspecialchars($row['email']) . ''
, 'left', '', 'valign="top"' ) .
- html_tag( 'td', $row['label'], 'left', '', 'valign="top" nowrap' );
+ html_tag( 'td', htmlspecialchars($row['label']), 'left', '', 'valign="top" nowrap' );
if ($includesource) {
echo html_tag( 'td', ' ' . $row['source'], 'left', '', 'valign="top" nowrap' );
}
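Review bot: The new `$email` line escapes only the single quote with `addcslashes(..., "'")`, yet the value is placed inside a single-quoted JavaScript string within an HTML attribute (`"'" . $email . "');\">To`). A backslash or line break in the address is left unescaped, so a backslash placed before a quote cancels the escape that was added. Escape those characters too, e.g. `$email = htmlspecialchars(addcslashes(AddressBook::full_address($row), "'\\\r\n"), ENT_QUOTES);`, and state in a comment that the order is JS-escape first, then HTML-escape. The `$row['source']` cell in the trailing context is still echoed without `htmlspecialchars()`, unlike name, email and label; if a backend's source name can ever hold user-influenced text, it needs the same treatment. The body of display_result() starts and ends outside this hunk, and the page rendering has dropped the anchor markup, so the attribute context is inferred from the visible `');\">` fragments.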