author | Dries Buytaert <dries@buytaert.net> | 2007-01-10 15:17:51 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2007-01-10 15:17:51 +0000 |
commit | 74e3c74b813c2da89d99c86bc1f6d8f11d978fba (patch) | |
tree | df794b05f6dce316232280cd41d0ff3f015401a7 /modules/contact | |
parent | 414b5e3901271b91bebdd03c3abe00f507dbc87c (diff) | |
download | brdo-74e3c74b813c2da89d99c86bc1f6d8f11d978fba.tar.gz brdo-74e3c74b813c2da89d99c86bc1f6d8f11d978fba.tar.bz2 |
- Always check the username.
Diffstat (limited to 'modules/contact')
-rw-r--r-- | modules/contact/contact.module | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index 132e69e14..f3f9c96b4 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -310,7 +310,7 @@ function contact_user_page() {
 $output = t('You cannot contact more than %number users per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
 }
 else {
- drupal_set_title($account->name);
+ drupal_set_title(check_plain($account->name));
 $output = drupal_get_form('contact_mail_user', $account);
 }
 
@@ -326,11 +326,11 @@ function contact_mail_user($recipient) {
 $form['#token'] = $user->name . $user->mail;
 $form['from'] = array('#type' => 'item',
 '#title' => t('From'),
- '#value' => $user->name .' <'. $user->mail .'>',
+ '#value' => check_plain($user->name) .' <'. check_plain($user->mail) .'>',
 );
 $form['to'] = array('#type' => 'item',
 '#title' => t('To'),
- '#value' => $recipient->name,
+ '#value' => check_plain($recipient->name),
 );
 $form['subject'] = array('#type' => 'textfield',
 '#title' => t('Subject'), |
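Review bot: The three new `check_plain()` calls in contact_mail_user() are not explained, and nothing in the hunk tells a later maintainer why these `'#value'` strings need escaping while the `'#title'` strings next to them do not; a one-line comment above the `$form['from']` array would preserve the reasoning, e.g. `// '#value' of an 'item' element is emitted as markup, so user-supplied name and mail must be escaped with check_plain().` The same reasoning applies to the `drupal_set_title(check_plain($account->name))` line in the earlier contact_user_page() hunk, where the escaped value becomes the page title. It is worth confirming that `t()`-wrapped `'#title'` values here are static strings only, since this hunk relies on that asymmetry; the `'#token'` line is context and is unaffected by the change. Both enclosing functions start and end outside the hunks shown.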