From: Michael M Slusarz <slusarz@curecanti.org>
Date: Tue, 2 Nov 2010 19:53:21 +0000 (-0600)
Subject: Bug #9357: XSS fix for VCARD attachments
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=5e0dc28dfa868f1481181bb604e7c44a0d5dadc4;p=horde.git

Bug #9357: XSS fix for VCARD attachments
---

diff --git a/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php b/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php
index f3d4c91de..3f206b1eb 100644
--- a/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php
+++ b/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php
@@ -144,7 +144,7 @@ class Horde_Core_Mime_Viewer_Vcard extends Horde_Mime_Viewer_Base
                     ? $addresses[0]['value']
                     : Horde_Core_Translation::t("[No Label]");
             }
-            $html .= $fullname . '</td></tr>';
+            $html .= htmlspecialchars($fullname) . '</td></tr>';
 
             $n = $vc->printableName();
             if (!empty($n)) {