From 2aee62ea28726d0247147fd3e145a936222cfdb5 Mon Sep 17 00:00:00 2001
From: Florian Mortgat <florian.mortgat@atm-consulting.fr>
Date: Mon, 7 Oct 2019 17:32:52 +0200
Subject: [PATCH] FIX: $from and $sendto variables are unescaped in the sending
 error message This causes addresses like Tom <tom@examp.le> not to be shown
 in the message.

---
 htdocs/core/actions_sendmails.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/actions_sendmails.inc.php b/htdocs/core/actions_sendmails.inc.php
index 17f1a70d555..088c30aaf31 100644
--- a/htdocs/core/actions_sendmails.inc.php
+++ b/htdocs/core/actions_sendmails.inc.php
@@ -460,7 +460,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
 					$mesg='<div class="error">';
 					if ($mailfile->error)
 					{
-						$mesg.=$langs->trans('ErrorFailedToSendMail',$from,$sendto);
+						$mesg.=$langs->transnoentities('ErrorFailedToSendMail',dol_escape_htmltag($from),dol_escape_htmltag($sendto));
 						$mesg.='<br>'.$mailfile->error;
 					}
 					else