diff --git a/app/contacts/contacts.php b/app/contacts/contacts.php index d1aca1aeed..90b2328252 100644 --- a/app/contacts/contacts.php +++ b/app/contacts/contacts.php @@ -246,13 +246,13 @@ foreach($result as $row) { $tr_link = "href='contact_edit.php?id=".$row['contact_uuid']."&query_string=".urlencode($_SERVER["QUERY_STRING"])."'"; echo "\n"; - echo " ".ucwords($row['contact_type'])." \n"; - echo " ".$row['contact_organization']." \n"; - echo " ".$row['contact_name_given']." \n"; - echo " ".$row['contact_name_family']." \n"; - echo " ".$row['contact_nickname']." \n"; - echo " ".$row['contact_title']." \n"; - echo " ".$row['contact_role']." \n"; + echo " ".ucwords(escape($row['contact_type']))." \n"; + echo " ".escape($row['contact_organization'])." \n"; + echo " ".escape($row['contact_name_given'])." \n"; + echo " ".escape($row['contact_name_family'])." \n"; + echo " ".escape($row['contact_nickname'])." \n"; + echo " ".escape($row['contact_title'])." \n"; + echo " ".escape($row['contact_role'])." \n"; echo " "; if (sizeof($contact_sync_sources[$row['contact_uuid']]) > 0) { foreach ($contact_sync_sources[$row['contact_uuid']] as $contact_sync_source) { @@ -264,8 +264,8 @@ else { echo " "; } echo " \n"; echo " "; - echo "$v_link_label_edit"; - echo "$v_link_label_delete"; + echo "$v_link_label_edit"; + echo "$v_link_label_delete"; echo " \n"; echo "\n"; if ($c==0) { $c=1; } else { $c=0; }