htmlspecialchars the from and subject of communications

2009-10-16 15:23:21 +00:00 · 2009-10-16 15:23:21 +00:00 · b240e36f19
commit b240e36f19
parent 5d9824a5a6
1 changed files with 2 additions and 2 deletions
--- a/admin/fundraising_campaigns.php
+++ b/admin/fundraising_campaigns.php
@ -415,8 +415,8 @@ switch($_GET['action']){


 				echo "<table cellspacing=0 cellpadding=3 border=1 style=\"margin-left: 30px; margin-right: 30px; width: 700px;\">";
-				echo "<tr><td>".i18n("Subject")."</td><td>$email->subject</td></tr>\n";
-				echo "<tr><td>".i18n("From")."</td><td>$email->from</td></tr>\n";
+				echo "<tr><td>".i18n("Subject")."</td><td>".htmlspecialchars($email->subject)."</td></tr>\n";
+				echo "<tr><td>".i18n("From")."</td><td>".htmlspecialchars($email->from)."</td></tr>\n";
 				echo "<tr><td colspan=\"2\">".$email->bodyhtml."</td></tr>\n";
 				echo "<tr><td colspan=\"2\">";
 				echo "<table style=\"width: 100%;\"><tr>";