# HG changeset patch
# User Paul Aurich <paul@darkrain42.org>
# Date 1250698907 0
# Node ID cc70e2bc4de52468491fb83a043aa835b9fafd60
# Parent  a8844bb7a60ec4cd2eab1e2daa41f80f235ab534
jabber: Escape status messages with a '<' or '>' in the Get Info dialog.

Marcus pointed this out.

diff -r a8844bb7a60e -r cc70e2bc4de5 ChangeLog
--- a/ChangeLog	Wed Aug 19 08:28:29 2009 +0000
+++ b/ChangeLog	Wed Aug 19 16:21:47 2009 +0000
@@ -3,6 +3,7 @@
 version 2.6.2 (??/??/2009):
 	XMPP:
 	* Prompt the user before cancelling a presence subscription.
+	* Escape status messages that have HTML entities in the Get Info dialog.
 
 version 2.6.1 (08/18/2009):
 	* Fix a crash when some users send you a link in a Yahoo IM
diff -r a8844bb7a60e -r cc70e2bc4de5 libpurple/protocols/jabber/buddy.c
--- a/libpurple/protocols/jabber/buddy.c	Wed Aug 19 08:28:29 2009 +0000
+++ b/libpurple/protocols/jabber/buddy.c	Wed Aug 19 16:21:47 2009 +0000
@@ -749,7 +749,9 @@
 		const char *status_name = jabber_buddy_state_get_name(jbr->state);
 
 		if (jbr->status) {
-			purdy = purple_strdup_withhtml(jbr->status);
+			tmp = purple_markup_escape_text(jbr->status, -1);
+			purdy = purple_strdup_withhtml(tmp);
+			g_free(tmp);
 
 			if (purple_strequal(status_name, purdy))
 				status_name = NULL;