XSS Fix
authorjangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 18 Apr 2004 20:18:58 +0000 (20:18 +0000)
committerjangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 18 Apr 2004 20:18:58 +0000 (20:18 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7172 7612ce4b-ef26-0410-bec9-ea0150e637f0

src/folders_delete.php

index c4032dd6bbc21365f2fe1cd16251ec9f57dbfbef..c75e1306bd5c62eb83e9cab31c2c68fcbfefbc9a 100644 (file)
@@ -65,7 +65,7 @@ if( !sqgetGlobalVar('confirmed', $tmp, SQ_POST) ) {
         ) .
         html_tag( 'tr' ) .
         html_tag( 'td', '', 'center', $color[4] ) .
-        sprintf(_("Are you sure you want to delete %s?"), imap_utf7_decode_local($mailbox)).
+        sprintf(_("Are you sure you want to delete %s?"), str_replace(array(' ','<','>'),array('&nbsp;','&lt;','&gt;'),imap_utf7_decode_local($mailbox))).
        addForm('folders_delete.php', 'POST').
        addHidden('mailbox', $mailbox).
         '<INPUT TYPE=SUBMIT NAME="confirmed" VALUE="'._("Yes")."\">\n".
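Review bot: The hand-rolled `str_replace` on the added line encodes only space, `<` and `>`, so `&` and quote characters in the decoded folder name still reach the page unencoded. A name containing the text `&lt;` would be displayed as `<`, and the result would not be safe if this string were ever reused inside an attribute. The standard encoder followed by the space substitution covers the full set: `str_replace(' ', '&nbsp;', htmlspecialchars(imap_utf7_decode_local($mailbox)))`, with the charset argument checked against whatever `imap_utf7_decode_local` returns. The raw `$mailbox` is also passed to `addHidden('mailbox', $mailbox)` two lines further down; that helper is defined outside this hunk, so it is worth confirming that it encodes attribute values. The concatenated expression begins before the hunk and continues past its last line.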