From 5e0dc28dfa868f1481181bb604e7c44a0d5dadc4 Mon Sep 17 00:00:00 2001
From: Michael M Slusarz <slusarz@curecanti.org>
Date: Tue, 2 Nov 2010 13:53:21 -0600
Subject: [PATCH] Bug #9357: XSS fix for VCARD attachments

---
 framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php b/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php
index f3d4c91de..3f206b1eb 100644
--- a/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php
+++ b/framework/Core/lib/Horde/Core/Mime/Viewer/Vcard.php
@@ -144,7 +144,7 @@ class Horde_Core_Mime_Viewer_Vcard extends Horde_Mime_Viewer_Base
                     ? $addresses[0]['value']
                     : Horde_Core_Translation::t("[No Label]");
             }
-            $html .= $fullname . '</td></tr>';
+            $html .= htmlspecialchars($fullname) . '</td></tr>';
 
             $n = $vc->printableName();
             if (!empty($n)) {
-- 
2.11.0