From 63cff249a8937b65b168f3171b395d83cfae9bd2 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Sun, 10 Feb 2013 14:37:37 +0100
Subject: Properly quote form validation error messages

---
 program/steps/addressbook/save.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'program/steps/addressbook/save.inc')

diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 901ea0190..8cab6e817 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -82,7 +82,7 @@ if (empty($a_record['name'])) {
 // do input checks (delegated to $CONTACTS instance)
 if (!$CONTACTS->validate($a_record)) {
     $err = (array)$CONTACTS->get_error();
-    $OUTPUT->show_message($err['message'] ? $err['message'] : 'formincomplete', 'warning');
+    $OUTPUT->show_message($err['message'] ? Q($err['message']) : 'formincomplete', 'warning');
     $GLOBALS['EDIT_RECORD'] = $a_record;  // store submitted data to be used in edit form
     rcmail_overwrite_action($return_action);
     return;
-- 
cgit v1.2.3