Only show text/plain if show_html_default=0

[squirrelmail.git] / src / addrbook_search_html.php

diff --git a/src/addrbook_search_html.php b/src/addrbook_search_html.php
index 1e71b23dc7b6c0d7dd1cd77af42ada670b7e43e8..54de9f8ff27c002704a2beb7c7e6e63ce4b83ae1 100644 (file)
--- a/src/addrbook_search_html.php
+++ b/src/addrbook_search_html.php
@@ -110,9 +110,9 @@ if ($javascript_on) {
              '<input type=checkbox name="send_to_search[B' . $line . ']" value = "' .
              htmlspecialchars($email) . '">&nbsp;' . _("Bcc") . '&nbsp;' ,
         'center', '', 'width="5%" nowrap' ) .
-        html_tag( 'td', '&nbsp;' . $row['name'] . '&nbsp;', 'left', '', 'nowrap' ) .
-        html_tag( 'td', '&nbsp;' . $row['email'] . '&nbsp;', 'left', '', 'nowrap' ) .
-        html_tag( 'td', '&nbsp;' . $row['label'] . '&nbsp;', 'left', '', 'nowrap' );
+        html_tag( 'td', '&nbsp;' . htmlspecialchars($row['name']) . '&nbsp;', 'left', '', 'nowrap' ) .
+        html_tag( 'td', '&nbsp;' . htmlspecialchars($row['email']) . '&nbsp;', 'left', '', 'nowrap' ) .
+        html_tag( 'td', '&nbsp;' . htmlspecialchars($row['label']) . '&nbsp;', 'left', '', 'nowrap' );
 
          if ($includesource) {
              echo html_tag( 'td', '&nbsp;' . $row['source'] . '&nbsp;', 'left', '', 'nowrap' );