From df45aee2cb83433186c5291245b75e9d54626876 Mon Sep 17 00:00:00 2001
From: tokul
Date: Tue, 15 Aug 2006 18:02:29 +0000
Subject: [PATCH] $abook->error is never htmlsanitized in 1.5.2cvs.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11599 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 src/addressbook.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/addressbook.php b/src/addressbook.php
index d5e4ccd7..cb95e4a1 100644
--- a/src/addressbook.php
+++ b/src/addressbook.php
@@ -189,7 +189,7 @@ if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'P
 /* Handle error messages */
 if (!$r) {
 /* Display error */
- plain_error_message( _("ERROR") .': '. $abook->error);
+ plain_error_message( nl2br(htmlspecialchars(_("ERROR") .': '. $abook->error));
 /* Display the "new address" form again */
 abook_create_form($form_url,'editaddr',_("Update address"),_("Update address"),$newdata);
--
2.25.1
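Review bot: The added `plain_error_message(` line opens four parentheses and closes only three, so `src/addressbook.php` will not parse as committed. It needs one more `)` before the semicolon: `plain_error_message( nl2br(htmlspecialchars(_("ERROR") .': '. $abook->error)));`. Calling `htmlspecialchars()` before `nl2br()` is the right order, since the reverse would encode the inserted line-break tags. The enclosing `if (!$r) {` block continues outside the hunk. Any other places in this file that print `$abook->error` are not visible here and, given the commit subject, presumably need the same output escaping.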