aboutsummaryrefslogtreecommitdiffstats
path: root/apps/sharebymail
diff options
context:
space:
mode:
Diffstat (limited to 'apps/sharebymail')
-rw-r--r--apps/sharebymail/lib/ShareByMailProvider.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/sharebymail/lib/ShareByMailProvider.php b/apps/sharebymail/lib/ShareByMailProvider.php
index 31df8a18951..61c9c01e9ab 100644
--- a/apps/sharebymail/lib/ShareByMailProvider.php
+++ b/apps/sharebymail/lib/ShareByMailProvider.php
@@ -404,7 +404,7 @@ class ShareByMailProvider implements IShareProvider {
$text = $this->l->t('%s shared »%s« with you.', [$initiatorDisplayName, $filename]);
$emailTemplate->addBodyText(
- $text . ' ' . $this->l->t('Click the button below to open it.'),
+ htmlspecialchars($text . ' ' . $this->l->t('Click the button below to open it.')),
$text
);
$emailTemplate->addBodyButton(
@@ -476,7 +476,7 @@ class ShareByMailProvider implements IShareProvider {
$emailTemplate->setSubject($this->l->t('Password to access »%s« shared to you by %s', [$filename, $initiatorDisplayName]));
$emailTemplate->addHeader();
$emailTemplate->addHeading($this->l->t('Password to access »%s«', [$filename]), false);
- $emailTemplate->addBodyText($htmlBodyPart, $plainBodyPart);
+ $emailTemplate->addBodyText(htmlspecialchars($htmlBodyPart), $plainBodyPart);
$emailTemplate->addBodyText($this->l->t('It is protected with the following password: %s', [$password]));
// The "From" contains the sharers name
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 18:00:14 +0000