Missing html escaping in addresses (Closes #1135)

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>

diff --git a/plugins/function.display_address.php b/plugins/function.display_address.php
index 32cf19c..55c1f16 100644 (file)
--- a/plugins/function.display_address.php
+++ b/plugins/function.display_address.php
@@ -85,7 +85,7 @@ function smarty_function_display_address($param, &$smarty)
     }
     foreach ($lines as $line)
     {
-        $txthtml .= "<strong>".$line."</strong><br/>\n";
+        $txthtml .= "<strong>" . pl_entities($line) . "</strong><br/>\n";
     }
     if($adr->phones() != null) {
         require_once('function.display_phones.php');