From cf1c6e173eec9ebb4eae9d86a6432e1d86497062 Mon Sep 17 00:00:00 2001
From: jangliss
Date: Sun, 18 Apr 2004 20:18:58 +0000
Subject: [PATCH] XSS Fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7172 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 src/folders_delete.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/folders_delete.php b/src/folders_delete.php
index c4032dd6..c75e1306 100644
--- a/src/folders_delete.php
+++ b/src/folders_delete.php
@@ -65,7 +65,7 @@ if( !sqgetGlobalVar('confirmed', $tmp, SQ_POST) ) {
 ) .
 html_tag( 'tr' ) .
 html_tag( 'td', '', 'center', $color[4] ) .
- sprintf(_("Are you sure you want to delete %s?"), imap_utf7_decode_local($mailbox)).
+ sprintf(_("Are you sure you want to delete %s?"), str_replace(array(' ','<','>'),array(' ','<','>'),imap_utf7_decode_local($mailbox))).
 addForm('folders_delete.php', 'POST').
 addHidden('mailbox', $mailbox).
 '\n".
--
2.25.1
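Review bot: The escaping added around `imap_utf7_decode_local($mailbox)` in the confirmation message is a hand-rolled `str_replace` that handles only the space, `<` and `>`, so `&` and both quote characters pass through unescaped; that is enough for element content but breaks as soon as the same string is reused in an attribute. As shown on this page the search and replacement arrays are identical, presumably because the entities in the second array were decoded when the page was rendered, so the committed file should be checked to confirm it holds the entity forms. I would use the standard encoder instead, `htmlspecialchars(imap_utf7_decode_local($mailbox), ENT_QUOTES)`, with a charset argument matching the local charset if the installed PHP supports one. The same `$mailbox` value is passed unmodified to `addHidden('mailbox', $mailbox)` two lines further down; whether `addHidden` escapes its value is not visible in this hunk and is worth confirming. The enclosing `if` block starts and ends outside the hunk.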