Bug #9357: XSS fix for VCARD attachments

author Michael M Slusarz <slusarz@curecanti.org>

Tue, 2 Nov 2010 19:53:21 +0000 (13:53 -0600)

committer Michael M Slusarz <slusarz@curecanti.org>

Tue, 2 Nov 2010 19:53:42 +0000 (13:53 -0600)
author Michael M Slusarz <slusarz@curecanti.org>
Tue, 2 Nov 2010 19:53:21 +0000 (13:53 -0600)
committer Michael M Slusarz <slusarz@curecanti.org>
Tue, 2 Nov 2010 19:53:42 +0000 (13:53 -0600)
diff --git a/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php b/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php

index f3d4c91..3f206b1 100644 (file)
--- a/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php
+++ b/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php
@@ -144,7 +144,7 @@ class Horde_Core_Mime_Viewer_Vcard extends Horde_Mime_Viewer_Base
                      ? $addresses[0]['value']
                      : Horde_Core_Translation::t("[No Label]");
              }
-            $html .= $fullname . '</td></tr>';
+            $html .= htmlspecialchars($fullname) . '</td></tr>';
  
              $n = $vc->printableName();
              if (!empty($n)) {
author	Michael M Slusarz <slusarz@curecanti.org>
	Tue, 2 Nov 2010 19:53:21 +0000 (13:53 -0600)
committer	Michael M Slusarz <slusarz@curecanti.org>
	Tue, 2 Nov 2010 19:53:42 +0000 (13:53 -0600)