From 79a4414e973365083cb1c201a623d75580d1a59e Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Wed, 2 Jul 2003 00:18:11 +0000
Subject: [PATCH] xss fix, running the content of the address-label-function
 through strip_html

---
 addressbook/inc/class.uiaddressbook.inc.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/addressbook/inc/class.uiaddressbook.inc.php b/addressbook/inc/class.uiaddressbook.inc.php
index a6739e85e7..68f2aa3fc3 100644
--- a/addressbook/inc/class.uiaddressbook.inc.php
+++ b/addressbook/inc/class.uiaddressbook.inc.php
@@ -999,11 +999,7 @@
 							$data = $coldata;
 						}
 					}
-					elseif($column == 'label' && $coldata)
-					{
-						$data .= $this->contacts->formatted_address($fields[0]['id'],'',False);
-					}
-					elseif($column == 'url' && $coldata)
+					elseif ($column == 'url' && $coldata)
 					{
 						$ref = '<a href="' . $coldata . '" target="_new">';
 						$data = $coldata . '</a>';
@@ -1020,6 +1016,11 @@
 						}
 						$data = $coldata.'</a>';
 					}
+					elseif ($column == 'bday')
+					{
+						list($month,$day,$year) = explode('/',$coldata);
+						$data = $GLOBALS['phpgw']->common->dateformatorder($year,$month,$day,True);
+					}
 					else
 					{
 						/* But these do not */