From 48a1626427e939088b196500aa701eea779a66c9 Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Wed, 21 Mar 2007 13:36:09 +0000
Subject: [PATCH] escape HTML special chars

---
 lam/lib/lists.inc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lam/lib/lists.inc b/lam/lib/lists.inc
index d8c6338d..c1df6987 100644
--- a/lam/lib/lists.inc
+++ b/lam/lib/lists.inc
@@ -418,9 +418,11 @@ class lamList {
 			if (is_array($entry[$attribute])) {
 				// sort array
 				sort($entry[$attribute]);
-				echo implode("; ", $entry[$attribute]);
+				echo htmlspecialchars(implode("; ", $entry[$attribute]), ENT_QUOTES, "UTF-8");
+			}
+			else {
+				echo htmlspecialchars($entry[$attribute], ENT_QUOTES, "UTF-8");
 			}
-			else echo $entry[$attribute];
 		}		
 	}