projects / squirrelmail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8ce0f07)
$abook->error is never htmlsanitized in 1.5.2cvs.
authortokul <tokul@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 15 Aug 2006 18:02:29 +0000 (18:02 +0000)
committertokul <tokul@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 15 Aug 2006 18:02:29 +0000 (18:02 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11599 7612ce4b-ef26-0410-bec9-ea0150e637f0

src/addressbook.php patch | blob | blame | history

diff --git a/src/addressbook.php b/src/addressbook.php
index d5e4ccd769594c427fdcd3e5bf8c711e42aaea26..cb95e4a16b6dbc94a3e19f6ee00db8494313054a 100644 (file)
--- a/src/addressbook.php
+++ b/src/addressbook.php
@@ -189,7 +189,7 @@ if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'P
                     /* Handle error messages */
                     if (!$r) {
                         /* Display error */
-                        plain_error_message( _("ERROR") .': '. $abook->error);
+                        plain_error_message( nl2br(htmlspecialchars(_("ERROR") .': '. $abook->error));
 
                         /* Display the "new address" form again */
                         abook_create_form($form_url,'editaddr',_("Update address"),_("Update address"),$newdata);
Unnamed repository; edit this file 'description' to name the repository.