diff --git a/manager/application/views/helpers/UserInfo.php b/manager/application/views/helpers/UserInfo.php
index bf98f1b..b0f8703 100644
--- a/manager/application/views/helpers/UserInfo.php
+++ b/manager/application/views/helpers/UserInfo.php
@@ -82,7 +82,7 @@ class Zend_View_Helper_UserInfo extends Zend_View_Helper_Placeholder_Container_S
$output .= $indent . "
\n";
$output .= $indent . "\tUser: " . $this->items['authed_username'] . "
\n";
- $output .= $indent . "\tName: " . $this->items['authed_fname'] . ' ' . $this->items['authed_lname'] . "
\n";
+ $output .= $indent . "\tName: " . htmlentities(strip_tags($this->items['authed_fname'] . ' ' . $this->items['authed_lname']), ENT_QUOTES, 'ISO-8859-1') . "
\n";
$output .= $indent . "\tRole: " . $this->items['authed_role'] . "
\n";
if ($this->items['authed_by_crt'] === true)
$output .= $indent . "\tLoginmethod: CRT
\n";
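Review bot: Only the Name line is escaped; `$this->items['authed_username']` and `$this->items['authed_role']` on the neighbouring context lines are still concatenated into `$output` raw, so if either can hold user-supplied text the same markup-injection path stays open. They can be wrapped the same way, e.g. `htmlentities($this->items['authed_username'], ENT_QUOTES, 'ISO-8859-1')`. The `strip_tags()` call adds nothing once the value is entity-encoded, and it silently drops text that merely looks like a tag. The `'ISO-8859-1'` charset also differs from the `'UTF-8'` passed in the mail views of this same commit, so it is worth confirming which encoding this page is served in. The enclosing method starts and ends outside the hunk.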
diff --git a/manager/application/views/scripts/mail/full.phtml b/manager/application/views/scripts/mail/full.phtml
index 1bfed87..01d8ff2 100644
--- a/manager/application/views/scripts/mail/full.phtml
+++ b/manager/application/views/scripts/mail/full.phtml
@@ -23,14 +23,14 @@ else {
headers as $header) {
- print "
\n";
- print " detailslink . "\">" . $header->fromaddress . " | ";
- print " " . $header->toaddress . " | ";
- print " " . $header->subject . " | ";
- print " " . $header->date . " | ";
- print " " . $header->Size . " | ";
- print " deletelink . "\"> | ";
- print "
\n";
+ print "
\n";
+ print " detailslink . "\">" . $header->fromaddress . " | ";
+ print " " . $header->toaddress . " | ";
+ print " " . htmlspecialchars(quoted_printable_decode($header->subject), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " | ";
+ print " " . $header->date . " | ";
+ print " " . $header->Size . " | ";
+ print " deletelink . "\"> | ";
+ print "
\n";
}
}
?>
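Review bot: The subject cell is now escaped, but `$header->fromaddress`, `$header->toaddress`, `$header->date` and `$header->Size` in the same row are still printed raw, and the From/To/Date headers are as sender-controlled as the Subject. Each should go through the same call, e.g. `htmlspecialchars($header->fromaddress, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; `detailslink` and `deletelink` land inside attribute values and deserve the same treatment if they are built from message data. Separately, `quoted_printable_decode()` handles body-style quoted-printable rather than RFC 2047 encoded-words (`=?charset?Q?...?=`), so encoded subjects will probably still show undecoded or in the wrong charset; `iconv_mime_decode()` or `mb_decode_mimeheader()` is the header decoder, with escaping kept as the last step before output. The identical hunk in `mail/index.phtml` has the same gaps. The surrounding `foreach` opens outside the hunk.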
diff --git a/manager/application/views/scripts/mail/index.phtml b/manager/application/views/scripts/mail/index.phtml
index 427d0e9..3eecfdc 100644
--- a/manager/application/views/scripts/mail/index.phtml
+++ b/manager/application/views/scripts/mail/index.phtml
@@ -23,14 +23,14 @@ else {
headers as $header) {
- print "
\n";
- print " detailslink . "\">" . $header->fromaddress . " | ";
- print " " . $header->toaddress . " | ";
- print " " . $header->subject . " | ";
- print " " . $header->date . " | ";
- print " " . $header->Size . " | ";
- print " deletelink . "\"> | ";
- print "
\n";
+ print "
\n";
+ print " detailslink . "\">" . $header->fromaddress . " | ";
+ print " " . $header->toaddress . " | ";
+ print " " . htmlspecialchars(quoted_printable_decode($header->subject), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " | ";
+ print " " . $header->date . " | ";
+ print " " . $header->Size . " | ";
+ print " deletelink . "\"> | ";
+ print "
\n";
}
}
?>