[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-cvs
Subject:    Re: [SM-CVS] CVS: squirrelmail/src compose.php,1.429,
From:       "Tomas Kuliavas" <tokul () users ! sourceforge ! net>
Date:       2005-12-12 7:31:18
Message-ID: 32951.80.243.17.21.1134372678.squirrel () internet ! eik ! lt
[Download RAW message or body]

> Update of /cvsroot/squirrelmail/squirrelmail/src
> In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31001/src
> 
> 
> Modified Files:
> compose.php read_body.php
> Log Message:
> oops, this error was already encoded, so back my r1.366 out, and part of
> Tomas' r1.429
> 

No, it is not.

check Deliver_SMTP.class.php and try using html formated string in
$this->dlv_msg, $this->dlv_ret_nr or $this->dlv_server_msg

http://cvs.sf.net/viewcvs.py/squirrelmail/squirrelmail/class/deliver/Deliver_SMTP.class.php?r1=1.13.2.11&r2=1.13.2.12


I did sanitizing inside output function, because I thought it was proper
place to do sanitizing. Interface should not care about html string safety
until those strings are sent to end user.

On IRC I've said that it might break things, if delivery backends use html
formating. I don't think that delivery backends should use html formating
without clear documentation indicating that variables contain formated
error messages. If we move to templates, html formating must be removed
from delivery classes anyway.

-- 
Tomas


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
--
squirrelmail-cvs mailing list
List Address: squirrelmail-cvs@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
http://squirrelmail.org/cvs


[prev in list] [next in list] [prev in thread] [next in thread]