From 5c4d9e48bdfb514dccdfc18fbb520afe7329039e Mon Sep 17 00:00:00 2001
From: David Goodwin <david@palepurple.co.uk>
Date: Tue, 10 Jan 2012 16:09:38 +0000
Subject: [PATCH] escape provided url better (fix XSS vuln) - thanks to Flippo
 Cavallarin for reporting this

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1322 a1433add-5e2c-0410-b055-b7f2511e0802
---
 templates/edit-vacation.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/templates/edit-vacation.php b/templates/edit-vacation.php
index 268c910b..e5ddb888 100644
--- a/templates/edit-vacation.php
+++ b/templates/edit-vacation.php
@@ -2,8 +2,7 @@
 <script type="text/javascript">
 function newLocation()
 {
-window.location="<?php print $fCanceltarget; ?>"
-
+    window.location= "<?php echo urlencode($fCanceltarget); ?>"
 }
 </script>
 <div id="edit_form">