fix still possible html injection

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Michael Kaufmann
2022-11-05 12:37:53 +01:00
parent eaea93296d
commit 3f10a4aded
3 changed files with 3 additions and 6 deletions


@@ -353,12 +353,7 @@ if ($action == '2fa_entercode') {
$message = sprintf($lng['error']['login_blocked'], Settings::Get('login.deactivatetime'));
break;
case 4:
$cmail = isset($_GET['customermail']) ? $_GET['customermail'] : 'unknown';
if (!Validate::validateEmail($cmail)) {
$message = str_replace('%s', 'invalid.address', $lng['error']['errorsendingmail']);
} else {
$message = str_replace('%s', $cmail, $lng['error']['errorsendingmail']);
}
$message = $lng['error']['errorsendingmailpub'];
break;
case 5:
$message = $lng['error']['user_banned'];
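Review bot: Nothing in this hunk escapes `$message` before it is displayed, so after the change to `case 4` the page is only safe as long as every branch of this switch builds its text from trusted strings. If the template that prints `$message` (not visible here) emits it raw, consider escaping once at that sink with `htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, provided no language string relies on embedded markup. The removed `Validate::validateEmail()` branch shows why validation alone was not enough: a syntactically valid address is not necessarily HTML-safe. A short comment on the new line such as `// generic text on purpose: never reflect the customermail request value` would stop a later edit from reintroducing the `%s` variant, and any redirect that still appends `customermail` to the URL can presumably drop it. The switch starts and ends outside the hunk.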


@@ -673,6 +673,7 @@ $lng['admin']['message'] = 'Write a Message';
$lng['admin']['text'] = 'Message';
$lng['menu']['message'] = 'Messages';
$lng['error']['errorsendingmail'] = 'The message to "%s" failed';
$lng['error']['errorsendingmailpub'] = 'The message to the given email-address failed';
$lng['error']['cannotreaddir'] = 'Unable to read directory "%s"';
$lng['message']['success'] = 'Successfully sent message to %s recipients';
$lng['message']['norecipients'] = 'No e-mail has been sent because there are no recipients in the database';


@@ -666,6 +666,7 @@ $lng['admin']['message'] = 'Rundmail senden';
$lng['admin']['text'] = 'Nachricht';
$lng['menu']['message'] = 'Nachrichten';
$lng['error']['errorsendingmail'] = 'Das Versenden der Nachricht an "%s" schlug fehl.';
$lng['error']['errorsendingmailpub'] = 'Das Versenden der Nachricht an die angegebene E-Mail Adresse schlug fehl.';
$lng['error']['cannotreaddir'] = 'Der Ordner "%s" kann nicht gelesen werden';
$lng['message']['success'] = 'Nachricht erfolgreich an "%s" Empfänger gesendet';
$lng['message']['norecipients'] = 'Es wurde keine E-Mail versendet, da sich keine Empfänger in der Datenbank befinden';