From a7612e6c39f9d4053c5791ef30782523f0d113d0 Mon Sep 17 00:00:00 2001
From: Kristian Feldsam <feldsam@gmail.com>
Date: Sat, 16 Oct 2021 15:23:39 +0200
Subject: [PATCH] [web] alerts - fixed double quotes and escaped html

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
---
 data/web/inc/footer.inc.php  | 2 +-
 data/web/templates/base.twig | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 3d4b3c33..4d0a18b4 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -16,7 +16,7 @@ if (is_array($alertbox_log_parser)) {
   }
   $alert = array_filter(array_unique($alerts));
   foreach($alert as $alert_type => $alert_msg) {
-    $alerts[$alert_type] = json_encode(implode('<hr class="alert-hr">', $alert_msg));
+    $alerts[$alert_type] = implode('<hr class="alert-hr">', $alert_msg);
   }
   unset($_SESSION['return']);
 }
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 41816cb2..b70230ad 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -170,7 +170,7 @@ function recursiveBase64StrToArrayBuffer(obj) {
     // TFA, CSRF, Alerts in footer.inc.php
     // Other general functions in mailcow.js
     {% for alert_type, alert_msg in alerts %}
-    mailcow_alert_box("{{ alert_msg }}", "{{ alert_type }}");
+    mailcow_alert_box('{{ alert_msg|raw }}', '{{ alert_type }}');
     {% endfor %}
 
     // Confirm TFA modal