Diffstat (limited to 'modules/contact/contact.module')
-rw-r--r-- | modules/contact/contact.module | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index 132e69e14..f3f9c96b4 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -310,7 +310,7 @@ function contact_user_page() {
 $output = t('You cannot contact more than %number users per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
 }
 else {
- drupal_set_title($account->name);
+ drupal_set_title(check_plain($account->name));
 $output = drupal_get_form('contact_mail_user', $account);
 }
@@ -326,11 +326,11 @@ function contact_mail_user($recipient) {
 $form['#token'] = $user->name . $user->mail;
 $form['from'] = array('#type' => 'item',
 '#title' => t('From'),
- '#value' => $user->name .' <'. $user->mail .'>',
+ '#value' => check_plain($user->name) .' <'. check_plain($user->mail) .'>',
 );
 $form['to'] = array('#type' => 'item',
 '#title' => t('To'),
- '#value' => $recipient->name,
+ '#value' => check_plain($recipient->name),
 );
 $form['subject'] = array('#type' => 'textfield',
 '#title' => t('Subject'), |
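Review bot: The literal `<` and `>` around the address in the new `'#value'` line of `$form['from']` are still emitted unescaped, because only the two fields are wrapped in `check_plain()`. If the `item` element prints `#value` as markup, which the added escaping implies, the browser will likely parse `<mail>` as a tag and not show the sender address. Escaping the concatenated string covers the fields and the brackets together: `'#value' => check_plain($user->name .' <'. $user->mail .'>'),`. The body of contact_mail_user starts before and continues past this hunk, so any later use of `$user->name` and `$user->mail` when the message is built is not visible here and should be checked separately.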