first start of removing direct access of key/onetimepad in all scripts

[squirrelmail.git] / src / addrbook_search.php

diff --git a/src/addrbook_search.php b/src/addrbook_search.php
index 0091b182789a3d116745129b08cb17a786aa3aa8..843303cc9e5815503b5b015bb85d7fa7151d143b 100644 (file)
--- a/src/addrbook_search.php
+++ b/src/addrbook_search.php
@@ -209,13 +209,15 @@ if ($show == 'form' && ! isset($listall)) {
             '" method="post">' . "\n" .
          html_tag( 'table', '', '', '', 'border="0" width="100%" height="100%"' ) .
          html_tag( 'tr' ) .
-         html_tag( 'td', '  <strong>' . _("Search for") . "</strong>\n", 'left', '', 'style="white-space: nowrap;" valign="middle" width="10%"' ) .
+         html_tag( 'td', '  <strong><label for="query">' . _("Search for") .
+             "</label></strong>\n", 'left', '',
+             'style="white-space: nowrap;" valign="middle" width="10%"' ) .
          html_tag( 'td', '', 'left', '', '' ) .
          addInput('query', $query, 28);
 
     /* List all backends to allow the user to choose where to search */
     if ($abook->numbackends > 1) {
-        echo '<strong>' . _("in") . '</strong>&nbsp;'."\n";
+        echo '<strong><label for="backend">' . _("in") . '</label></strong>&nbsp;'."\n";
         $selopts = array();
         $selopts['-1'] = _("All address books");
 
@@ -282,7 +284,7 @@ if ($show == 'form' && ! isset($listall)) {
         if (!is_array($res)) {
             echo html_tag( 'p', '<b><br />' .
                            _("Your search failed with the following error(s)") .
-                           ':<br />' . $abook->error . "</b>\n" ,
+                           ':<br />' . nl2br(htmlspecialchars($abook->error)) . "</b>\n" ,
                            'center' );
         } elseif (sizeof($res) == 0) {
             echo html_tag( 'p', '<br /><b>' .
@@ -300,4 +302,4 @@ if ($show == 'form' && ! isset($listall)) {
     }
 }
 $oTemplate->display('footer.tpl');
-?>
\ No newline at end of file
+?>