XSS fixes

[squirrelmail.git] / plugins / listcommands / mailout.php

diff --git a/plugins/listcommands/mailout.php b/plugins/listcommands/mailout.php
index c85d2680c9dccd61e8a933066a6dbe6280505009..58dfb7aed2ab81a028677353535eb24a47e4bde7 100644 (file)
--- a/plugins/listcommands/mailout.php
+++ b/plugins/listcommands/mailout.php
@@ -33,14 +33,6 @@ sqgetGlobalVar('action',  $action,  SQ_GET);
 displayPageHeader($color, $mailbox);
 $fieldsdescr = listcommands_fieldsdescr();
 
-echo html_tag('p', '', 'left' ) .
-    html_tag( 'table', '', 'center', $color[0], 'border="0" width="75%"' ) . "\n" .
-    html_tag( 'tr',
-            html_tag( 'th', _("Mailinglist") . ': ' . $fieldsdescr[$action], '', $color[9] )
-            ) .
-    html_tag( 'tr' ) .
-    html_tag( 'td', '', 'left' );
-
 switch ( $action ) {
     case 'help':
         $out_string = _("This will send a message to %s requesting help for this list. You will receive an emailed response at the address below.");
@@ -50,8 +42,20 @@ switch ( $action ) {
         break;
     case 'unsubscribe':
         $out_string = _("This will send a message to %s requesting that you will be unsubscribed from this list. It will try to unsubscribe the adress below.");
+        break;
+    default:
+        error_box(sprintf(_("Unknown action: %s"),htmlspecialchars($action)), $color);
+        exit;
 }
 
+echo html_tag('p', '', 'left' ) .
+    html_tag( 'table', '', 'center', $color[0], 'border="0" width="75%"' ) . "\n" .
+    html_tag( 'tr',
+            html_tag( 'th', _("Mailinglist") . ': ' . $fieldsdescr[$action], '', $color[9] )
+            ) .
+    html_tag( 'tr' ) .
+    html_tag( 'td', '', 'left' );
+
 printf($out_string, '"' . htmlspecialchars($send_to) . '"');
 
 echo addForm(SM_PATH . 'src/compose.php', 'post');