diff --git a/phpmyfaq/admin/ajax.config_list.php b/phpmyfaq/admin/ajax.config_list.php
index 50efd9681b..b675ca1b73 100755
--- a/phpmyfaq/admin/ajax.config_list.php
+++ b/phpmyfaq/admin/ajax.config_list.php
@@ -76,9 +76,23 @@ function renderInputForm($key, $type)
$value = str_replace('"', '"', $faqConfig->get($key));
}
echo '
';
+
+ switch ($key) {
+ case 'main.administrationMail':
+ $type = 'email';
+ break;
+ case 'main.referenceURL':
+ case 'main.privacyURL':
+ $type = 'url';
+ break;
+ default:
+ $type = 'text';
+ break;
+ }
+
printf(
'',
- is_numeric($value) ? 'number' : 'text',
+ is_numeric($value) ? 'number' : $type,
$key,
$key,
$value
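Review bot: The `email` and `url` input types selected in the new `switch` are checked only by the browser, so a request that does not come from this form can still store any string under `main.administrationMail`, `main.referenceURL` or `main.privacyURL`. The code that saves these keys is not part of this diff; it should validate them server-side, for example with `filter_var($value, FILTER_VALIDATE_EMAIL)` and `filter_var($value, FILTER_VALIDATE_URL)`. The `switch` also overwrites the `$type` parameter of `renderInputForm()` for every key, including the `default` branch, so whatever the caller passed is lost; a separate local such as `$inputType` would keep the parameter intact. The function body starts before and continues past this hunk, so any later use of `$type` is not visible here.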
diff --git a/phpmyfaq/contact.php b/phpmyfaq/contact.php
index 41361b9149..e66f8dd0da 100644
--- a/phpmyfaq/contact.php
+++ b/phpmyfaq/contact.php
@@ -18,6 +18,7 @@
use phpMyFAQ\Captcha;
use phpMyFAQ\Core\Exception;
use phpMyFAQ\Helper\CaptchaHelper;
+use phpMyFAQ\Strings;
use phpMyFAQ\User\CurrentUser;
if (!defined('IS_VALID_PHPMYFAQ')) {
@@ -45,7 +46,7 @@
'mainPageContent',
[
'pageHeader' => $PMF_LANG['msgContact'],
- 'msgContactOwnText' => nl2br($faqConfig->get('main.contactInformations')),
+ 'msgContactOwnText' => nl2br(Strings::htmlspecialchars($faqConfig->get('main.contactInformations'))),
'msgContactEMail' => $PMF_LANG['msgContactEMail'],
'msgContactPrivacyNote' => $PMF_LANG['msgContactPrivacyNote'],
'privacyURL' => $faqConfig->get('main.privacyURL'),
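Review bot: `'privacyURL' => $faqConfig->get('main.privacyURL')` on the last line of this hunk is still passed to the template unescaped, while the neighbouring `main.contactInformations` value now goes through `Strings::htmlspecialchars()`. Both come from the same admin-editable configuration, so the same treatment seems warranted: `'privacyURL' => Strings::htmlspecialchars($faqConfig->get('main.privacyURL')),`. If the template places this value in an `href` (not visible here), escaping alone does not restrict the URL scheme, so the value should also be limited to `http`/`https` when it is saved. The array and the call that receives it start and end outside the hunk.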