A terrible pile of things done to the code. Did a little bit of SM_PATH

[squirrelmail.git] / src / addressbook.php

diff --git a/src/addressbook.php b/src/addressbook.php
index 86007d514f5d924c6c34e243716fc3b89ac23eec..ab148752457edb1dc1877e9c2c16444be75b8e83 100644 (file)
--- a/src/addressbook.php
+++ b/src/addressbook.php
@@ -11,12 +11,16 @@
  * $Id$
  */
 
-require_once('../src/validate.php');
-require_once('../functions/array.php');
-require_once('../functions/display_messages.php');
-require_once('../functions/addressbook.php');
-require_once('../functions/strings.php');
-require_once('../functions/html.php');
+/* Path for SquirrelMail required files. */
+define('SM_PATH','../');
+
+/* SquirrelMail required files. */
+require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/array.php');
+require_once(SM_PATH . 'functions/display_messages.php');
+require_once(SM_PATH . 'functions/addressbook.php');
+require_once(SM_PATH . 'functions/strings.php');
+require_once(SM_PATH . 'functions/html.php');
 
 /* Make an input field */
 function adressbook_inp_field($label, $field, $name, $size, $values, $add) {
@@ -339,8 +343,8 @@ if ($showaddrlist) {
             else {
                 echo '<A HREF="compose.php?send_to=' . rawurlencode($email).'">';
             }
-            echo $row['email'] . '</A>&nbsp;</td>'."\n".
-            html_tag( 'td', '&nbsp;' . $row['label'] . '&nbsp;', 'left', '', 'valign="top" width="1%"' ) .
+            echo htmlspecialchars($row['email']) . '</A>&nbsp;</td>'."\n".
+            html_tag( 'td', '&nbsp;' . htmlspecialchars($row['label']) . '&nbsp;', 'left', '', 'valign="top" width="1%"' ) .
             "</tr>\n";
             $line++;
         }