diff --git a/pandora_console/operation/messages/message_edit.php b/pandora_console/operation/messages/message_edit.php
index d2d3520b2b..cc197960ed 100644
--- a/pandora_console/operation/messages/message_edit.php
+++ b/pandora_console/operation/messages/message_edit.php
@@ -38,7 +38,7 @@ $send_mes = (bool) get_parameter('send_mes', false);
$new_msg = (string) get_parameter('new_msg');
$dst_user = get_parameter('dst_user');
$dst_group = get_parameter('dst_group');
-$subject = io_safe_html_tags(get_parameter('subject'));
+$subject = io_safe_input(get_parameter('subject'));
$message = (string) get_parameter('message');
$read_message = (bool) get_parameter('read_message', false);
$reply = (bool) get_parameter('reply', false);
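Review bot: The `$subject` assignment now wraps `get_parameter()` in `io_safe_input()`, while the neighbouring `$new_msg` and `$message` reads rely on `get_parameter()` alone. If `get_parameter()` already entity-encodes request values (its body is not visible in this hunk), the subject ends up encoded one layer deeper than every other field in the message. The display code then has to decode it exactly once to stay both readable and safe. If that pairing is intended, record it next to the assignment, for example `// Subject carries one extra encoding layer; display code must call io_safe_output() exactly once.` Otherwise keep a single layer here and escape at the output sites instead.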
@@ -132,7 +132,7 @@ if ($read_message) {
echo '
Conversation with '.$user_name.'
';
}
- echo 'Subject: '.$message['subject'].'
';
+ echo 'Subject: '.io_safe_output($message['subject']).'
';
$conversation = messages_get_conversation($message);
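Review bot: The result of `io_safe_output($message['subject'])` is concatenated straight into the echoed HTML, so the page is only safe if every stored subject carries an extra encoding layer. Assuming `io_safe_output()` decodes entities, as its name suggests, a row written before this change or by another code path would be decoded back to raw markup and rendered. Escaping for the HTML context at the sink removes that dependency, e.g. `htmlspecialchars(io_safe_output($message['subject']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)`, where the final `false` avoids re-encoding entities that are already present. The same applies to the `$contentSubject` assignment in the `message_list.php` hunk. The enclosing `if ($read_message)` block continues outside this hunk, so how the other echoed values such as `$user_name` are treated cannot be confirmed from here.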
diff --git a/pandora_console/operation/messages/message_list.php b/pandora_console/operation/messages/message_list.php
index d7dc2881da..26ffbc5bfe 100644
--- a/pandora_console/operation/messages/message_list.php
+++ b/pandora_console/operation/messages/message_list.php
@@ -259,7 +259,7 @@ if (empty($messages) === true) {
$pathSubject = 'index.php?sec=message_list&sec2=operation/messages/message_edit&read_message=1&id_message='.$message_id;
}
- $contentSubject = (empty($message['subject']) === true) ? __('No Subject') : $message['subject'];
+ $contentSubject = (empty($message['subject']) === true) ? __('No Subject') : io_safe_output($message['subject']);
if ((int) $message['read'] !== 1) {
$contentSubject = ''.$contentSubject.'';