'[SM-CVS] CVS: squirrelmail/src search.php,1.92.2.16,1.92.2.17'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-cvs
Subject:    [SM-CVS] CVS: squirrelmail/src search.php,1.92.2.16,1.92.2.17
From:       Thijs Kinkhorst <kink () users ! sourceforge ! net>
Date:       2006-07-27 10:57:42
Message-ID: E1G63Yk-0000Nq-VL () sc8-pr-cvs8 ! sourceforge ! net
[Download RAW message or body]

Update of /cvsroot/squirrelmail/squirrelmail/src
In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv1446

Modified Files:
      Tag: SM-1_4-STABLE
	search.php 
Log Message:
url vars must be urlencoded, not htmlspecialchard


Index: search.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/search.php,v
retrieving revision 1.92.2.16
retrieving revision 1.92.2.17
diff -u -w -r1.92.2.16 -r1.92.2.17
--- search.php	29 Jun 2006 14:18:32 -0000	1.92.2.16
+++ search.php	27 Jul 2006 10:57:37 -0000	1.92.2.17
@@ -333,9 +333,9 @@
         . html_tag( 'td', $saved_attributes['saved_where'][$i + 1], 'center' )
         . html_tag( 'td', '', 'right' )
         .   '<a href="search.php'
-        .     '?mailbox=' . htmlspecialchars($saved_attributes['saved_folder'][$i + 1])
-        .     '&amp;what=' . htmlspecialchars($saved_attributes['saved_what'][$i + 1])
-        .     '&amp;where=' . htmlspecialchars($saved_attributes['saved_where'][$i + 1])
+        .     '?mailbox=' . urlencode($saved_attributes['saved_folder'][$i + 1])
+        .     '&amp;what=' . urlencode($saved_attributes['saved_what'][$i + 1])
+        .     '&amp;where=' . urlencode($saved_attributes['saved_where'][$i + 1])
         .   '">' . _("edit") . '</a>'
         .   '&nbsp;|&nbsp;'
         .   '<a href="search.php'


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
--
squirrelmail-cvs mailing list
List Address: squirrelmail-cvs@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
http://squirrelmail.org/cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic