From 438909ba28b0f033c5ce26730d41f49d37abb23e Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Mon, 28 Dec 2009 11:53:49 +0000
Subject: - Patch #669060 by Damien Tournoud: fixed SA-CORE-2009-009: contact
 category name XSS.

---
 modules/contact/contact.admin.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/contact')

diff --git a/modules/contact/contact.admin.inc b/modules/contact/contact.admin.inc
index e4496462e..929d5ac12 100644
--- a/modules/contact/contact.admin.inc
+++ b/modules/contact/contact.admin.inc
@@ -24,8 +24,8 @@ function contact_category_list() {
   // Loop through the categories and add them to the table.
   foreach ($categories as $category) {
     $rows[] = array(
-      $category->category,
-      $category->recipients,
+      check_plain($category->category),
+      check_plain($category->recipients),
       ($category->selected ? t('Yes') : t('No')),
       l(t('Edit'), 'admin/structure/contact/edit/' . $category->cid),
       l(t('Delete'), 'admin/structure/contact/delete/' . $category->cid),
-- 
cgit v1.2.3