escape provided url better (fix XSS vuln) - thanks to Flippo Cavallarin for reporting this

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1322 a1433add-5e2c-0410-b055-b7f2511e0802

templates/edit-vacation.php

@@ -2,8 +2,7 @@
 <script type="text/javascript">
 function newLocation()
 {
-window.location="<?php print $fCanceltarget; ?>"
-
+    window.location= "<?php echo urlencode($fCanceltarget); ?>"
 }
 </script>
 <div id="edit_form">