From cbb695a6de0f5cea9c78fc4bb700c0a6852f9a48 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 14 Feb 2013 17:23:51 -0500
Subject: [PATCH] Correctly quote spell text contents inside the xml container

---
 program/lib/Roundcube/rcube_spellchecker.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/lib/Roundcube/rcube_spellchecker.php b/program/lib/Roundcube/rcube_spellchecker.php
index 3d4d3a3..d4f23d1 100644
--- a/program/lib/Roundcube/rcube_spellchecker.php
+++ b/program/lib/Roundcube/rcube_spellchecker.php
@@ -354,7 +354,7 @@
 
         $gtext = '<?xml version="1.0" encoding="utf-8" ?>'
             .'<spellrequest textalreadyclipped="0" ignoredups="0" ignoredigits="1" ignoreallcaps="1">'
-            .'<text>' . $gtext . '</text>'
+            .'<text>' . htmlspecialchars($gtext) . '</text>'
             .'</spellrequest>';
 
         $store = '';

--
Gitblit v1.9.1