From d9d250050177ede94a2aae360f91525be9e4440a Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sat, 28 Jan 2017 10:03:12 +0100
Subject: [PATCH] Fix description handling

---
 data/web/edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/edit.php b/data/web/edit.php
index fb382809..a9334833 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -505,7 +505,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="description"><?=$lang['add']['description'];?></label>
 						<div class="col-sm-10">
-							<input type="text" class="form-control" name="description" id="description" value="<?=$result['description'];?>" required>
+							<input type="text" class="form-control" name="description" id="description" value="<?=htmlspecialchars($result['description'], ENT_QUOTES, 'UTF-8');?>" required>
 						</div>
 					</div>
 					<div class="form-group">