From 5c07584db081f22f80cc0a10910696c969ec522e Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Mon, 21 Sep 2009 06:51:43 +0000
Subject: [PATCH] run wrong values in error message through htmlspecialchars()

---
 calendar/inc/gradient.php      | 2 +-
 calendar/inc/round_corners.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/calendar/inc/gradient.php b/calendar/inc/gradient.php
index 113cf3689f..2b8fc16472 100644
--- a/calendar/inc/gradient.php
+++ b/calendar/inc/gradient.php
@@ -35,7 +35,7 @@ foreach(array('width'=>1,'height'=>1,'color1'=>'000080','color2'=>'ffffff') as $
 foreach(array('color1','color2') as $name)
 {
 	preg_match('/^#?([0-9A-Fa-f]{2})([0-9A-Fa-f]{2})([0-9A-Fa-f]{2})$/',$$name,$rgb) or
-		die("Wrong value '".$$name."' for $name, should be something like #80FFFF' !!!");
+		die("Wrong value '".htmlspecialchars($$name)."' for $name, should be something like #80FFFF' !!!");
 
 	$$name = array('r'=>hexdec($rgb[1]),'g'=>hexdec($rgb[2]),'b'=>hexdec($rgb[3]));
 }
diff --git a/calendar/inc/round_corners.php b/calendar/inc/round_corners.php
index c8bd42491d..f094465289 100644
--- a/calendar/inc/round_corners.php
+++ b/calendar/inc/round_corners.php
@@ -41,7 +41,7 @@ imagecolortransparent($image, $white);
 foreach(array('color','bgcolor') as $name)
 {
 	preg_match('/^#?([0-9A-Fa-f]{2})([0-9A-Fa-f]{2})([0-9A-Fa-f]{2})$/',$$name,$rgb) or
-		die("Wrong value '".$$name."' for $name, should be something like #80FFFF' !!!");
+		die("Wrong value '".htmlspecialchars($$name)."' for $name, should be something like #80FFFF' !!!");
 
 	$$name = imagecolorallocate($image,hexdec($rgb[1]),hexdec($rgb[2]),hexdec($rgb[3]));
 }