From 8c4cec8df180bad03d0d4f2f675acfb9f783c656 Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Wed, 22 Feb 2012 22:52:15 +0000
Subject: [PATCH] fix for invalid status messages

---
 lam/lib/modules/posixAccount.inc | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc
index e069ce52..0e6d3b27 100644
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@@ -1326,13 +1326,16 @@ class posixAccount extends baseModule implements passwordService {
 					$homeServerContainer->addElement(new htmlSpacer('5px', null));
 					$homeServerContainer->addElement(new htmlAccountPageButton(get_class($this), 'homedir', 'create_' . $i, _('Create')));
 				}
-				else {
+				elseif (trim($returnValue) != '') {
 					$messageParams = explode(",", $returnValue);
 					if (isset($messageParams[2])) {
-						$message = new htmlStatusMessage($messageParams[0], $messageParams[1], $messageParams[2]);
+						$message = new htmlStatusMessage($messageParams[0], htmlspecialchars($messageParams[1]), htmlspecialchars($messageParams[2]));
 					}
 					elseif (($messageParams[0] == 'ERROR') || ($messageParams[0] == 'WARN') || ($messageParams[0] == 'INFO')) {
-						$message = new htmlStatusMessage($messageParams[0], $messageParams[1]);
+						$message = new htmlStatusMessage($messageParams[0], htmlspecialchars($messageParams[1]));
+					}
+					else {
+						$message = new htmlStatusMessage('WARN', htmlspecialchars($messageParams[0]));
 					}
 					$message->colspan = 5;
 					$homeServerContainer->addElement($message, true);