Commit 9badf3aa authored by Carsten Schmitz's avatar Carsten Schmitz

Fixed issue: When sending invitation the sender name/email was not properly escaped

parent 112ca720
......@@ -68,8 +68,7 @@
<ul>
<li><label for='from_<?php echo $language; ?>'><?php $clang->eT("From"); ?>:</label>
<input type='text' size='50' id='from_<?php echo $language; ?>' name='from_<?php echo $language; ?>' value="<?php echo "{$thissurvey[$baselang]['adminname']} <{$thissurvey[$baselang]['adminemail']}>"; ?>" /></li>
<input type='text' size='50' id='from_<?php echo $language; ?>' name='from_<?php echo $language; ?>' value="<?php echo htmlspecialchars($thissurvey[$baselang]['adminname'],ENT_QUOTES,'UTF-8')."<".htmlspecialchars($thissurvey[$baselang]['adminemail'],ENT_QUOTES,'UTF-8').">"; ?>" /></li>
<li><label for='subject_<?php echo $language; ?>'><?php $clang->eT("Subject"); ?>:</label>
<input type='text' size='83' id='subject_<?php echo $language; ?>' name='subject_<?php echo $language; ?>' value="<?php echo $subject; ?>" /></li>
......
......@@ -33,7 +33,7 @@
}
echo "<div id='tabpage_{$language}'><ul>"
. "<li><label for='from_$language' >" . $clang->gT("From") . ":</label>\n"
. "<input type='text' size='50' name='from_$language' id='from_$language' value=\"{$thissurvey['adminname']} <{$thissurvey['adminemail']}>\" /></li>\n"
. "<input type='text' size='50' name='from_$language' id='from_$language' value=\"".htmlspecialchars($thissurvey['adminname'],ENT_QUOTES,'UTF-8')."<".htmlspecialchars($thissurvey['adminemail'],ENT_QUOTES,'UTF-8').">\" /></li>\n"
. "<li><label for='subject_$language' >" . $clang->gT("Subject") . ":</label>";
$fieldsarray["{ADMINNAME}"] = $thissurvey['adminname'];
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment