List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[14345] branches/SM-1_4-STABLE/squirrelmail
From: kink () users ! sourceforge ! net
Date: 2012-12-09 11:58:18
Message-ID: E1ThfWU-0005AK-57 () sfp-svn-2 ! v30 ! ch3 ! sourceforge ! com
Revision: 14345
http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14345&view=rev
Author: kink
Date: 2012-12-09 11:58:17 +0000 (Sun, 09 Dec 2012)
Log Message:
-----------
Replace calls to htmlspecialchars() with sm_encode_html_special_chars().
New function sm_encode_html_special_chars() encodes HTML special
characters by calling htmlspecialchars(). It sets the character set
to ISO-8859-1, to fix compatibility with PHP >= 5.4.
See #3491925
Modified Paths:
--------------
branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver_SMTP.class.php
branches/SM-1_4-STABLE/squirrelmail/class/mime/Rfc822Header.class.php
branches/SM-1_4-STABLE/squirrelmail/functions/addressbook.php
branches/SM-1_4-STABLE/squirrelmail/functions/display_messages.php
branches/SM-1_4-STABLE/squirrelmail/functions/forms.php
branches/SM-1_4-STABLE/squirrelmail/functions/i18n.php
branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php
branches/SM-1_4-STABLE/squirrelmail/functions/imap_mailbox.php
branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php
branches/SM-1_4-STABLE/squirrelmail/functions/imap_search.php
branches/SM-1_4-STABLE/squirrelmail/functions/mailbox_display.php
branches/SM-1_4-STABLE/squirrelmail/functions/mime.php
branches/SM-1_4-STABLE/squirrelmail/functions/options.php
branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php
branches/SM-1_4-STABLE/squirrelmail/functions/strings.php
branches/SM-1_4-STABLE/squirrelmail/plugins/bug_report/bug_report.php
branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/calendar.php
branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/calendar_data.php
branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/day.php
branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_create.php
branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_delete.php
branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_edit.php
branches/SM-1_4-STABLE/squirrelmail/plugins/filters/options.php
branches/SM-1_4-STABLE/squirrelmail/plugins/filters/spamoptions.php
branches/SM-1_4-STABLE/squirrelmail/plugins/fortune/fortune_functions.php
branches/SM-1_4-STABLE/squirrelmail/plugins/info/functions.php
branches/SM-1_4-STABLE/squirrelmail/plugins/info/options.php
branches/SM-1_4-STABLE/squirrelmail/plugins/listcommands/mailout.php
branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/fetch.php
branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php
branches/SM-1_4-STABLE/squirrelmail/plugins/message_details/message_details_bottom.php
branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/newmail_opt.php
branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/setup.php
branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/testsound.php
branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/options.php
branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/spamcop.php
branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/check_me.mod
branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod
branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/forget_me.mod
branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/lang_change.mod
branches/SM-1_4-STABLE/squirrelmail/plugins/translate/setup.php
branches/SM-1_4-STABLE/squirrelmail/src/addrbook_search.php
branches/SM-1_4-STABLE/squirrelmail/src/addrbook_search_html.php
branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php
branches/SM-1_4-STABLE/squirrelmail/src/compose.php
branches/SM-1_4-STABLE/squirrelmail/src/configtest.php
branches/SM-1_4-STABLE/squirrelmail/src/folders_rename_getname.php
branches/SM-1_4-STABLE/squirrelmail/src/login.php
branches/SM-1_4-STABLE/squirrelmail/src/options_highlight.php
branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php
branches/SM-1_4-STABLE/squirrelmail/src/printer_friendly_bottom.php
branches/SM-1_4-STABLE/squirrelmail/src/read_body.php
branches/SM-1_4-STABLE/squirrelmail/src/right_main.php
branches/SM-1_4-STABLE/squirrelmail/src/search.php
branches/SM-1_4-STABLE/squirrelmail/src/vcard.php
branches/SM-1_4-STABLE/squirrelmail/src/view_header.php
Modified: branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver_SMTP.class.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver_SMTP.class.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver_SMTP.class.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -337,7 +337,7 @@
}
$this->dlv_msg = $message;
- $this->dlv_server_msg = nl2br(htmlspecialchars($server_msg));
+ $this->dlv_server_msg = nl2br(sm_encode_html_special_chars($server_msg));
return true;
}
Modified: branches/SM-1_4-STABLE/squirrelmail/class/mime/Rfc822Header.class.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/class/mime/Rfc822Header.class.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/class/mime/Rfc822Header.class.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -706,7 +706,7 @@
$value = substr($value,strlen($charset)+1);
/* FIXME: What's the status of charset decode with language information \
????
* Maybe language information contains only ascii text and \
charset_decode()
- * only runs htmlspecialchars() on it. If it contains 8bit information, \
you + * only runs sm_encode_html_special_chars() on it. If it contains \
8bit information, you
* get html encoded text in charset used by selected translation.
*/
$value = charset_decode($charset,$value);
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/addressbook.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/addressbook.php 2012-09-18 17:43:15 \
UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/addressbook.php 2012-12-09 11:58:17 \
UTC (rev 14345)
@@ -154,7 +154,7 @@
* display address book init errors.
*/
if ($abook_init_error!='' && $showerr) {
- $abook_init_error = htmlspecialchars($abook_init_error);
+ $abook_init_error = sm_encode_html_special_chars($abook_init_error);
error_box($abook_init_error,$color);
}
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/display_messages.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/display_messages.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/display_messages.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -32,7 +32,7 @@
}
$string .= sprintf (_("Click here to return to %s"),
- htmlspecialchars(imap_utf7_decode_local($mailbox))).
+ sm_encode_html_special_chars(imap_utf7_decode_local($mailbox))).
'</a></td></tr>';
error_box($string, $color);
}
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/forms.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/forms.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/forms.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -23,8 +23,8 @@
*/
function addInputField($type, $name = null, $value = null, $attributes = '') {
return '<input type="'.$type.'"'.
- ($name !== null ? ' name="'.htmlspecialchars($name).'"' : '').
- ($value !== null ? ' value="'.htmlspecialchars($value).'"' : '').
+ ($name !== null ? ' name="'.sm_encode_html_special_chars($name).'"' : \
''). + ($value !== null ? ' value="'.sm_encode_html_special_chars($value).'"' \
: ''). ' ' . $attributes . " />\n";
}
@@ -89,16 +89,16 @@
if(count($values) == 1) {
$k = key($values); $v = array_pop($values);
return addHidden($name, ($usekeys ? $k:$v)).
- htmlspecialchars($v) . "\n";
+ sm_encode_html_special_chars($v) . "\n";
}
- $ret = '<select name="'.htmlspecialchars($name) . "\">\n";
+ $ret = '<select name="'.sm_encode_html_special_chars($name) . "\">\n";
foreach ($values as $k => $v) {
if(!$usekeys) $k = $v;
$ret .= '<option value="' .
- htmlspecialchars( $k ) . '"' .
+ sm_encode_html_special_chars( $k ) . '"' .
(($default == $k) ? ' selected="selected"' : '') .
- '>' . htmlspecialchars($v) ."</option>\n";
+ '>' . sm_encode_html_special_chars($v) ."</option>\n";
}
$ret .= "</select>\n";
@@ -123,9 +123,9 @@
* Textarea form element.
*/
function addTextArea($name, $text = '', $cols = 40, $rows = 10, $attr = '') {
- return '<textarea name="'.htmlspecialchars($name).'" '.
+ return '<textarea name="'.sm_encode_html_special_chars($name).'" '.
'rows="'.(int)$rows .'" cols="'.(int)$cols.'" '.
- $attr . '>'.htmlspecialchars($text) ."</textarea>\n";
+ $attr . '>'.sm_encode_html_special_chars($text) ."</textarea>\n";
}
/**
@@ -156,7 +156,7 @@
$enctype = ' enctype="'.$enctype.'"';
}
if($charset) {
- $charset = ' accept-charset="'.htmlspecialchars($charset).'"';
+ $charset = ' accept-charset="'.sm_encode_html_special_chars($charset).'"';
}
$form_string = '<form action="'. $action .'" method="'. $method .'"'.
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/i18n.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/i18n.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/i18n.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -171,7 +171,7 @@
* @param string $string Text to be decoded
* @param boolean $force_decode converts string to html without \
$charset!=$default_charset check.
* Argument is available since 1.4.5 and 1.5.1.
- * @param boolean $save_html disables htmlspecialchars() in order to preserve
+ * @param boolean $save_html disables sm_encode_html_special_chars() in order to \
preserve
* html formating. Use with care. Available since 1.4.6 and 1.5.1
* @return string decoded string
*/
@@ -184,7 +184,7 @@
}
/* All HTML special characters are 7 bit and can be replaced first */
- if (! $save_html) $string = htmlspecialchars ($string);
+ if (! $save_html) $string = sm_encode_html_special_chars ($string);
$charset = strtolower($charset);
set_my_charset();
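Review bot: The string encoded at `if (! $save_html) $string = sm_encode_html_special_chars ($string);` is still in the message's `$charset`, but the wrapper is called without an encoding and therefore interprets it as `$default_charset`. If the two differ and the default is a multibyte charset, 8-bit input can come back as an empty string on PHP >= 5.4, which the comment's 7-bit assumption does not cover. Passing the charset through, e.g. `sm_encode_html_special_chars($string, ENT_COMPAT, $charset)`, would keep them in step, provided charset names that htmlspecialchars() does not support are handled. The enclosing function starts and ends outside this hunk.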
@@ -214,7 +214,7 @@
* @since 1.4.4 and 1.5.1
* @param string $string
* @param string $charset
- * @param boolean $htmlencode keep htmlspecialchars encoding
+ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding
* @return string
*/
function charset_encode($string,$charset,$htmlencode=true) {
@@ -258,7 +258,7 @@
* @param string $in_charset initial charset
* @param string $string string that has to be converted
* @param string $out_charset final charset
- * @param boolean $htmlencode keep htmlspecialchars encoding
+ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding
* @return string converted string
*/
function charset_convert($in_charset,$string,$out_charset,$htmlencode=true) {
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -367,7 +367,7 @@
$cmd = explode(' ',$query);
$cmd = strtolower($cmd[0]);
if ($query != '' && $cmd != 'login') {
- $string .= ("Query:") . ' '. htmlspecialchars($query)
+ $string .= ("Query:") . ' '. sm_encode_html_special_chars($query)
. '<br />' . "</font><br />\n";
}
error_box($string,$color);
@@ -399,9 +399,9 @@
_("ERROR: Could not complete request.") .
"</b><br />\n" .
_("Query:") . ' ' .
- htmlspecialchars($query) . '<br />' .
+ sm_encode_html_special_chars($query) . '<br />' .
_("Reason Given:") . ' ' .
- htmlspecialchars($message) . "</font><br />\n";
+ sm_encode_html_special_chars($message) . "</font><br />\n";
error_box($string,$color);
echo '</body></html>';
exit;
@@ -414,9 +414,9 @@
_("ERROR: Bad or malformed request.") .
"</b><br />\n" .
_("Query:") . ' '.
- htmlspecialchars($query) . '<br />' .
+ sm_encode_html_special_chars($query) . '<br />' .
_("Server responded:") . ' ' .
- htmlspecialchars($message) . "</font><br />\n";
+ sm_encode_html_special_chars($message) . "</font><br />\n";
error_box($string,$color);
echo '</body></html>';
exit;
@@ -427,9 +427,9 @@
_("ERROR: IMAP server closed the connection.") .
"</b><br />\n" .
_("Query:") . ' '.
- htmlspecialchars($query) . '<br />' .
+ sm_encode_html_special_chars($query) . '<br />' .
_("Server responded:") . ' ' .
- htmlspecialchars($message) . "</font><br />\n";
+ sm_encode_html_special_chars($message) . "</font><br />\n";
error_box($string,$color);
echo '</body></html>';
exit;
@@ -440,9 +440,9 @@
_("ERROR: Unknown IMAP response.") .
"</b><br />\n" .
_("Query:") . ' '.
- htmlspecialchars($query) . '<br />' .
+ sm_encode_html_special_chars($query) . '<br />' .
_("Server responded:") . ' ' .
- htmlspecialchars($message) . "</font><br />\n";
+ sm_encode_html_special_chars($message) . "</font><br />\n";
error_box($string,$color);
/* the error is displayed but because we don't know the reponse we
return the result anyway */
@@ -654,7 +654,7 @@
if (!$hide) {
if ($response != 'NO') {
/* "BAD" and anything else gets reported here. */
- $message = htmlspecialchars($message);
+ $message = sm_encode_html_special_chars($message);
set_up_language($squirrelmail_language, true);
require_once(SM_PATH . 'functions/display_messages.php');
if ($response == 'BAD') {
@@ -665,7 +665,7 @@
if (isset($read) && is_array($read)) {
$string .= '<br />' . _("Read data:") . "<br />\n";
foreach ($read as $line) {
- $string .= htmlspecialchars($line) . "<br />\n";
+ $string .= sm_encode_html_special_chars($line) . "<br />\n";
}
}
error_box($string,$color);
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/imap_mailbox.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/imap_mailbox.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/imap_mailbox.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -254,7 +254,7 @@
if (strstr($mailbox, '../') || substr($mailbox, 0, 1) == '/') {
global $color;
include_once(SM_PATH . 'functions/display_messages.php');
- error_box(sprintf(_("Invalid mailbox name: \
%s"),htmlspecialchars($mailbox)),$color); + error_box(sprintf(_("Invalid \
mailbox name: %s"),sm_encode_html_special_chars($mailbox)),$color); \
sqimap_logout($imap_stream); die('</body></html>');
}
@@ -555,16 +555,16 @@
$box2 = $boxes_part['formatted'];
break;
default: /* default, long names, style = 0 */
- $box2 = str_replace(' ', ' ', \
htmlspecialchars(imap_utf7_decode_local($boxes_part['unformatted-disp']))); + \
$box2 = str_replace(' ', ' ', \
sm_encode_html_special_chars(imap_utf7_decode_local($boxes_part['unformatted-disp'])));
break;
}
}
$box2 = str_replace(array('<','>'), array('<','>') , $box2);
if ($show_selected != 0 && in_array($lowerbox, $show_selected) ) {
- $mbox_options .= '<option value="' . htmlspecialchars($box) .'" \
selected="selected">'.$box2.'</option>' . "\n"; + $mbox_options .= \
'<option value="' . sm_encode_html_special_chars($box) .'" \
selected="selected">'.$box2.'</option>' . "\n"; } else {
- $mbox_options .= '<option value="' . htmlspecialchars($box) \
.'">'.$box2.'</option>' . "\n"; + $mbox_options .= '<option value="' . \
sm_encode_html_special_chars($box) .'">'.$box2.'</option>' . "\n"; }
}
}
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -786,7 +786,7 @@
_("ERROR: Could not complete request.") .
'</b><br />' .
_("Unknown response from IMAP server:") . ' 1.' .
- htmlspecialchars($read) . "</font><br />\n";
+ sm_encode_html_special_chars($read) . "</font><br />\n";
break;
}
$i = strpos($read,'(',$i_space+5);
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/imap_search.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/imap_search.php 2012-09-18 17:43:15 \
UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/imap_search.php 2012-12-09 11:58:17 \
UTC (rev 14345)
@@ -126,7 +126,7 @@
if (strstr($errors,'* SEARCH')) {
return array();
}
- echo '<!-- '.htmlspecialchars($errors) .' -->';
+ echo '<!-- '.sm_encode_html_special_chars($errors) .' -->';
}
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/mailbox_display.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/mailbox_display.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/mailbox_display.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -110,10 +110,10 @@
if ($senderNames_part[1]) {
$senderName .= decodeHeader($senderNames_part[1]);
} else {
- $senderName .= htmlspecialchars($senderNames_part[0]);
+ $senderName .= sm_encode_html_special_chars($senderNames_part[0]);
}
- $senderFrom .= htmlspecialchars($senderNames_part[0]);
+ $senderFrom .= sm_encode_html_special_chars($senderNames_part[0]);
}
}
$senderName = str_replace(' ',' ',$senderName);
@@ -530,8 +530,8 @@
$form_name = "FormMsgs" . $safe_name;
echo '<form name="' . $form_name . '" method="post" action="move_messages.php">' \
."\n" .
'<input type="hidden" name="smtoken" \
value="'.sm_generate_security_token().'">' . "\n" .
- '<input type="hidden" name="mailbox" \
value="'.htmlspecialchars($mailbox).'">' . "\n" .
- '<input type="hidden" name="startMessage" \
value="'.htmlspecialchars($start_msg).'">' . "\n"; + '<input type="hidden" \
name="mailbox" value="'.sm_encode_html_special_chars($mailbox).'">' . "\n" . + \
'<input type="hidden" name="startMessage" \
value="'.sm_encode_html_special_chars($start_msg).'">' . "\n";
echo '<table border="0" width="100%" cellpadding="0" cellspacing="0">';
echo '<tr><td>';
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/mime.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/mime.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/mime.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -43,7 +43,7 @@
'<center>';
$errormessage = _("SquirrelMail could not decode the bodystructure of the \
message");
$errormessage .= '<br />'._("The bodystructure provided by your IMAP \
server:").'<br /><br />';
- $errormessage .= '<table><tr><td>' . htmlspecialchars($read) . \
'</td></tr></table>'; + $errormessage .= '<table><tr><td>' . \
sm_encode_html_special_chars($read) . '</td></tr></table>'; plain_error_message( \
$errormessage, $color ); echo '</body></html>';
exit;
@@ -546,7 +546,7 @@
'<a href="'.$defaultlink.'">'.decodeHeader($display_filename).'</a> </td>' \
. '<td><small><b>' . show_readable_size($header->size) .
'</b> </small></td>' .
- '<td><small>[ '.htmlspecialchars($type0).'/'.htmlspecialchars($type1).' \
] </small></td>' . + '<td><small>[ \
'.sm_encode_html_special_chars($type0).'/'.sm_encode_html_special_chars($type1).' \
] </small></td>' . '<td><small>';
$attachments .= '<b>' . $description . '</b>';
$attachments .= '</small></td><td><small> ';
@@ -677,7 +677,7 @@
$iLastMatch = $i;
$j = $i;
if ($htmlsave) {
- $ret .= htmlspecialchars($res[1]);
+ $ret .= sm_encode_html_special_chars($res[1]);
} else {
$ret .= $res[1];
}
@@ -702,7 +702,7 @@
$replace = charset_decode($res[2],$replace);
} elseif ($htmlsave) {
// string is not converted, but still sanitized
- $replace = htmlspecialchars($replace);
+ $replace = sm_encode_html_special_chars($replace);
}
$ret.= $replace;
break;
@@ -718,7 +718,7 @@
$replace = charset_decode($res[2], $replace);
} elseif ($htmlsave) {
// string is not converted, but still sanizited
- $replace = htmlspecialchars($replace);
+ $replace = sm_encode_html_special_chars($replace);
}
$ret .= $replace;
break;
@@ -737,7 +737,7 @@
}
if (!$encoded && $htmlsave) {
- $ret .= htmlspecialchars($chunk);
+ $ret .= sm_encode_html_special_chars($chunk);
} else {
$ret .= $chunk;
}
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/options.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/options.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/options.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -305,7 +305,7 @@
}
function createWidget_Info() {
- $result = htmlspecialchars($this->value) . "\n";
+ $result = sm_encode_html_special_chars($this->value) . "\n";
return $result;
}
@@ -341,9 +341,9 @@
$result = "<input type=\""
. ($password ? 'password' : 'text')
. "\" name=\"new_$this->name\" value=\""
- . htmlspecialchars($this->value)
+ . sm_encode_html_special_chars($this->value)
. "\" size=\"$width\" $this->script /> "
- . htmlspecialchars($this->trailing_text) . "\n";
+ . sm_encode_html_special_chars($this->trailing_text) . "\n";
return $result;
}
@@ -384,14 +384,14 @@
foreach ($this->possible_values as $real_value => $disp_value) {
$result .= "\n" . '<input type="radio" name="new_' . $this->name
. '" id="new_' . $this->name . '_'
- . ($this->htmlencoded ? $real_value : \
htmlspecialchars($real_value)) + . ($this->htmlencoded ? \
$real_value : sm_encode_html_special_chars($real_value))
. '" value="'
- . ($this->htmlencoded ? $real_value : \
htmlspecialchars($real_value)) + . ($this->htmlencoded ? \
$real_value : sm_encode_html_special_chars($real_value))
. '"' . ($real_value == $this->value ? ' checked="checked"' \
: '')
. ' /> <label for="new_' . $this->name . '_'
- . ($this->htmlencoded ? $real_value : \
htmlspecialchars($real_value)) + . ($this->htmlencoded ? \
$real_value : sm_encode_html_special_chars($real_value))
. '">'
- . ($this->htmlencoded ? $disp_value : \
htmlspecialchars($disp_value)) + . ($this->htmlencoded ? \
$disp_value : sm_encode_html_special_chars($disp_value))
. '</label>';
if ($this->size != SMOPT_SIZE_TINY)
$result .= '<br />';
@@ -437,7 +437,7 @@
foreach ($this->possible_values as $real_value => $disp_value) {
/* Start the next new option string. */
$new_option = '<option value="' .
- ($this->htmlencoded ? $real_value : htmlspecialchars($real_value)) . \
'"'; + ($this->htmlencoded ? $real_value : \
sm_encode_html_special_chars($real_value)) . '"';
// multiple select lists have possibly more than one default selection
if ($multiple_select) {
@@ -455,13 +455,13 @@
}
/* Add the display value to our option string. */
- $new_option .= '>' . ($this->htmlencoded ? $disp_value : \
htmlspecialchars($disp_value)) . "</option>\n"; + $new_option .= '>' . \
($this->htmlencoded ? $disp_value : sm_encode_html_special_chars($disp_value)) . \
"</option>\n"; /* And add the new option string to our select tag. */
$result .= $new_option;
}
/* Close the select tag and return our happy result. */
- $result .= '</select>' . htmlspecialchars($this->trailing_text) . "\n";
+ $result .= '</select>' . sm_encode_html_special_chars($this->trailing_text) \
. "\n"; return $result;
}
@@ -520,7 +520,7 @@
} else {
/* Start the next new option string. */
- $new_option = '<option value="' . htmlspecialchars($real_value) . \
'"'; + $new_option = '<option value="' . \
sm_encode_html_special_chars($real_value) . '"';
// multiple select lists have possibly more than one default \
selection if ($multiple_select) {
@@ -538,13 +538,13 @@
}
/* Add the display value to our option string. */
- $new_option .= '>' . htmlspecialchars($disp_value) . "</option>\n";
+ $new_option .= '>' . sm_encode_html_special_chars($disp_value) . \
"</option>\n"; }
/* And add the new option string to our select tag. */
$result .= $new_option;
}
/* Close the select tag and return our happy result. */
- $result .= '</select>' . htmlspecialchars($this->trailing_text) . "\n";
+ $result .= '</select>' . sm_encode_html_special_chars($this->trailing_text) \
. "\n"; return $result;
}
@@ -560,7 +560,7 @@
}
$result = "<textarea name=\"new_$this->name\" rows=\"$rows\" "
. "cols=\"$cols\" $this->script>"
- . htmlspecialchars($this->value) . "</textarea>\n";
+ . sm_encode_html_special_chars($this->value) . "</textarea>\n";
return ($result);
}
@@ -628,7 +628,7 @@
. '" id="new_' . $this->name . '" value="' . SMPREF_YES
. "\" $yes_chk " . $this->script . ' /> '
. '<label for="new_' . $this->name . '">'
- . htmlspecialchars($this->trailing_text) . '</label>';
+ . sm_encode_html_special_chars($this->trailing_text) . \
'</label>'; }
// radio buttons...
@@ -639,13 +639,13 @@
$yes_option = '<input type="radio" name="new_' . $this->name
. '" id="new_' . $this->name . '_yes"'
. ' value="' . SMPREF_YES . "\"$yes_chk $this->script \
/> "
- . '<label for="new_' . $this->name . '_yes">' . \
(!empty($this->yes_text) ? htmlspecialchars($this->yes_text) : _("Yes")) . \
'</label>'; + . '<label for="new_' . $this->name . '_yes">' . \
(!empty($this->yes_text) ? sm_encode_html_special_chars($this->yes_text) : _("Yes")) \
. '</label>';
/* Build the no choice. */
$no_option = '<input type="radio" name="new_' . $this->name
. '" id="new_' . $this->name . '_no"'
. ' value="' . SMPREF_NO . "\"$no_chk $this->script /> "
- . '<label for="new_' . $this->name . '_no">' . \
(!empty($this->no_text) ? htmlspecialchars($this->no_text) : _("No")) . '</label>'; + \
. '<label for="new_' . $this->name . '_no">' . (!empty($this->no_text) ? \
sm_encode_html_special_chars($this->no_text) : _("No")) . '</label>';
/* Build the combined "boolean widget". */
$result = "$yes_option $no_option";
@@ -657,7 +657,7 @@
function createWidget_Hidden() {
$result = '<input type="hidden" name="new_' . $this->name
- . '" value="' . htmlspecialchars($this->value)
+ . '" value="' . sm_encode_html_special_chars($this->value)
. '" ' . $this->script . ' />';
return ($result);
}
@@ -733,7 +733,7 @@
// Start the next new option string.
//
- $result .= '<option value="' . htmlspecialchars($value) . '"';
+ $result .= '<option value="' . \
sm_encode_html_special_chars($value) . '"';
// having a selected item in the edit list doesn't have
// any meaning, but maybe someone will think of a way to
@@ -748,7 +748,7 @@
// Add the display value to our option string.
//
- $result .= '>' . htmlspecialchars($value) . "</option>\n";
+ $result .= '>' . sm_encode_html_special_chars($value) . \
"</option>\n";
}
@@ -783,8 +783,8 @@
else $bgcolor = 4;
$result .= '<tr bgcolor="' . $color[$bgcolor] . '">'
- . '<td width="1%"><input type="checkbox" name="new_' . \
$this->name . '[' . ($index++) . ']" id="' . $this->name . '_list_item_' . $key . '" \
value="' . htmlspecialchars($value) . '"></td>'
- . '<td><label for="' . $this->name . '_list_item_' . \
$key . '">' . htmlspecialchars($value) . '</label></td>' + \
. '<td width="1%"><input type="checkbox" name="new_' . $this->name . '[' . ($index++) \
. ']" id="' . $this->name . '_list_item_' . $key . '" value="' . \
sm_encode_html_special_chars($value) . '"></td>' + . \
'<td><label for="' . $this->name . '_list_item_' . $key . '">' . \
sm_encode_html_special_chars($value) . '</label></td>'
. "</tr>\n";
}
@@ -821,9 +821,9 @@
function createWidget_Submit() {
$result = "<input type=\"submit\" name=\"$this->name\" value=\""
- . htmlspecialchars($this->comment)
+ . sm_encode_html_special_chars($this->comment)
. "\" $this->script />"
- . htmlspecialchars($this->trailing_text) . "\n";
+ . sm_encode_html_special_chars($this->trailing_text) . "\n";
return $result;
@@ -953,7 +953,7 @@
function create_hidden_element($name, $value) {
$result = '<input type="hidden" '
. 'name="' . $name . '" '
- . 'value="' . htmlspecialchars($value) . '" />';
+ . 'value="' . sm_encode_html_special_chars($value) . '" />';
return ($result);
}
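Review bot: `create_hidden_element()` encodes `$value` but concatenates `$name` into the `name` attribute as-is, whereas `addInputField()` in functions/forms.php (also touched by this revision) encodes both. Whether any caller passes request-derived text as `$name` is not visible in this hunk, but encoding it is cheap and keeps the two helpers consistent: `. 'name="' . sm_encode_html_special_chars($name) . '" '`.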
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php 2012-09-18 17:43:15 \
UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php 2012-12-09 11:58:17 \
UTC (rev 14345)
@@ -272,7 +272,7 @@
echo "<body text=\"$color[8]\" bgcolor=\"$color[4]\" link=\"$color[7]\" \
vlink=\"$color[7]\" alink=\"$color[7]\" $onload>\n\n"; /** Here is the header and \
wrapping table **/
- $shortBoxName = htmlspecialchars(imap_utf7_decode_local(
+ $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local(
readShortMailboxName($mailbox, $delimiter)));
if ( $shortBoxName == 'INBOX' ) {
$shortBoxName = _("INBOX");
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/strings.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -1476,4 +1476,38 @@
}
+/**
+ * Wrapper for PHP's htmlspecialchars() that
+ * attempts to add the correct character encoding
+ *
+ * @param string $string The string to be converted
+ * @param int $flags A bitmask that controls the behavior of htmlspecialchars()
+ * (See http://php.net/manual/function.htmlspecialchars.php )
+ * (OPTIONAL; default ENT_COMPAT)
+ * @param string $encoding The character encoding to use in the conversion
+ * (OPTIONAL; default automatic detection)
+ * @param boolean $double_encode Whether or not to convert entities that are
+ * already in the string (only supported in
+ * PHP 5.2.3+) (OPTIONAL; default TRUE)
+ *
+ * @return string The converted text
+ *
+ */
+function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
+ $encoding=NULL, $double_encode=TRUE)
+{
+ if (!$encoding)
+ {
+ global $default_charset;
+ if ($default_charset == 'iso-2022-jp')
+ $default_charset = 'EUC-JP';
+ $encoding = $default_charset;
+ }
+
+ if (check_php_version(5, 2, 3))
+ return htmlspecialchars($string, $flags, $encoding, $double_encode);
+
+ return htmlspecialchars($string, $flags, $encoding);
+}
+
$PHP_SELF = php_self();
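Review bot: The fallback branch of `sm_encode_html_special_chars()` writes to the global (`$default_charset = 'EUC-JP';`), so on an iso-2022-jp installation the first call changes the charset seen by every later reader of that global in the same request. Keeping the mapping local avoids that: `$encoding = ($default_charset == 'iso-2022-jp') ? 'EUC-JP' : $default_charset;`. The log message says the wrapper sets ISO-8859-1, but the code passes `$default_charset`; with a multibyte default such as UTF-8, htmlspecialchars() on PHP >= 5.4 returns an empty string for input that is not valid in that encoding, so callers holding text in another charset should pass `$encoding` explicitly. The docblock should also say that the default `ENT_COMPAT` leaves single quotes unencoded, so the result is only safe in element content or double-quoted attributes.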
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/bug_report/bug_report.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/bug_report/bug_report.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/bug_report/bug_report.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -163,7 +163,7 @@
$body_top .= "----------------------------------------------\n";
}
-$body = htmlspecialchars($body_top . $body);
+$body = sm_encode_html_special_chars($body_top . $body);
?>
<br />
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/calendar.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/calendar.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/calendar.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -114,11 +114,11 @@
$calbar = $calendardata[$cdate][$calfoo['key']];
// FIXME: how to display multiline task
$title = '['. $calfoo['key']. '] ' .
- str_replace(array("\r","\n"),array(' ',' \
'),htmlspecialchars($calbar['message'])); + \
str_replace(array("\r","\n"),array(' ',' \
'),sm_encode_html_special_chars($calbar['message'])); // FIXME: link to nowhere
echo "<a href=\"#\" style=\"text-decoration:none; color: "
.($calbar['priority']==1 ? $color[1] : $color[6])
- ."\" \
title=\"$title\">".htmlspecialchars($calbar['title'])."</a><br />\n"; + \
."\" title=\"$title\">".sm_encode_html_special_chars($calbar['title'])."</a><br \
/>\n"; $i=$i+1;
if($i==2){
break;
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/calendar_data.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/calendar_data.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/calendar_data.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -23,7 +23,7 @@
* Plugin stores multiline texts converted to single line with PHP nl2br().
* Function undoes nl2br() conversion and html encoding of ASCII vertical bar.
*
- * Older plugin versions sanitized data with htmlspecialchars. Since 1.5.1 calendar
+ * Older plugin versions sanitized data with sm_encode_html_special_chars. Since \
1.5.1 calendar
* data is not sanitized. Output functions must make sure that data is correctly
* encoded and sanitized.
* @param string $string calendar string
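Review bot: The docblock line changed in this hunk now says older plugin versions sanitized data with `sm_encode_html_special_chars`, a function this commit has only just introduced, so the search-and-replace has made a historical comment inaccurate. The line should keep its original wording, `* Older plugin versions sanitized data with htmlspecialchars. Since 1.5.1 calendar`. The rest of the comment is worth keeping in view for the calendar hunks of this commit: it states that stored calendar data is not sanitized, so every output site has to encode. The docblock starts and ends outside the hunk.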
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/day.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/day.php 2012-09-18 17:43:15 \
UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/day.php 2012-12-09 11:58:17 \
UTC (rev 14345) @@ -127,9 +127,9 @@
html_tag( 'td', \
date_intl(_("H:i"),mktime($ehour,$eminute,0,1,1,0)) . $elength, 'left' ) . html_tag( \
'td', '', 'left' ) . '['; echo ($calbar['priority']==1) ?
- "<font \
color=\"$color[1]\">".htmlspecialchars($calbar['title']).'</font>' :
- htmlspecialchars($calbar['title']);
- echo'] <div \
style="margin-left:10px">'.nl2br(htmlspecialchars($calbar['message'])).'</div>' . + \
"<font color=\"$color[1]\">".sm_encode_html_special_chars($calbar['title']).'</font>' \
: + sm_encode_html_special_chars($calbar['title']);
+ echo'] <div \
style="margin-left:10px">'.nl2br(sm_encode_html_special_chars($calbar['message'])).'</div>' \
. html_tag( 'td',
"<font size=\"-1\"><nobr>\n" .
"<a \
href=\"event_edit.php?year=$year&month=$month&day=$day&hour=".
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_create.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_create.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_create.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -160,11 +160,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', htmlspecialchars($event_title,ENT_NOQUOTES), \
'left', $color[4] ) . "\n" + html_tag( 'td', \
sm_encode_html_special_chars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n" \
) . html_tag( 'tr',
html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', \
nl2br(htmlspecialchars($event_text,ENT_NOQUOTES)), 'left', $color[4] ) . "\n" + \
html_tag( 'td', nl2br(sm_encode_html_special_chars($event_text,ENT_NOQUOTES)), \
'left', $color[4] ) . "\n" ) .
html_tag( 'tr',
html_tag( 'td',
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_delete.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_delete.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_delete.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -74,11 +74,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:"), 'right', $color[4] ) .
- html_tag( 'td', htmlspecialchars($tmparray['title']), 'left', \
$color[4] ) + html_tag( 'td', \
sm_encode_html_special_chars($tmparray['title']), 'left', $color[4] ) ) .
html_tag( 'tr',
html_tag( 'td', _("Message:"), 'right', $color[4] ) .
- html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])), \
'left', $color[4] ) + html_tag( 'td', \
nl2br(sm_encode_html_special_chars($tmparray['message'])), 'left', $color[4] ) ) .
html_tag( 'tr',
html_tag( 'td',
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_edit.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_edit.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/calendar/event_edit.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -174,11 +174,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', htmlspecialchars($tmparray['title']) , 'left', \
$color[4] ) ."\n" + html_tag( 'td', \
sm_encode_html_special_chars($tmparray['title']) , 'left', $color[4] ) ."\n" ) .
html_tag( 'tr',
html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])) , \
'left', $color[4] ) ."\n" + html_tag( 'td', \
nl2br(sm_encode_html_special_chars($tmparray['message'])) , 'left', $color[4] ) ."\n" \
) . html_tag( 'tr',
html_tag( 'th', _("to:") . "<br />\n", '', $color[4], \
'colspan="2"' ) ."\n" @@ -198,11 +198,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', htmlspecialchars($event_title) , 'left', \
$color[4] ) ."\n" + html_tag( 'td', \
sm_encode_html_special_chars($event_title) , 'left', $color[4] ) ."\n" ) .
html_tag( 'tr',
html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', nl2br(htmlspecialchars($event_text)) , 'left', \
$color[4] ) ."\n" + html_tag( 'td', \
nl2br(sm_encode_html_special_chars($event_text)) , 'left', $color[4] ) ."\n" ) .
html_tag( 'tr',
html_tag( 'td',
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/filters/options.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/filters/options.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/filters/options.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -203,7 +203,7 @@
html_tag( 'td', '', 'left' ) .
'<input type="text" size="32" name="filter_what" value="';
if (isset($filters[$theid]['what'])) {
- echo htmlspecialchars($filters[$theid]['what']);
+ echo sm_encode_html_special_chars($filters[$theid]['what']);
}
echo '" />'.
'</td>'.
@@ -265,7 +265,7 @@
printf( _("If %s contains %s then move to %s"),
'<b>'.$filters[$i]['where'].'</b>',
'<b>'.$filters[$i]['what'].'</b>',
- '<b>'.htmlspecialchars(imap_utf7_decode_local($fdr)).'</b>');
+ '<b>'.sm_encode_html_special_chars(imap_utf7_decode_local($fdr)).'</b>');
echo '</td></tr>';
}
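Review bot: In the `printf()` of this hunk only the folder name is encoded; `$filters[$i]['where']` and `$filters[$i]['what']` are still concatenated into the `<b>` elements raw, although the earlier hunk (@@ -203) treats the same `what` value as needing encoding. Unless these values are encoded where they are stored, which is not visible here, they should go through the helper as well: `'<b>'.sm_encode_html_special_chars($filters[$i]['what']).'</b>'`, and the same for `where`. The surrounding loop starts outside the hunk.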
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/filters/spamoptions.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/filters/spamoptions.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/filters/spamoptions.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -199,7 +199,7 @@
echo html_tag( 'p', '', 'center' ) .
'[<a href="spamoptions.php?action=spam">' . _("Edit") . '</a>]' .
' - [<a href="../../src/options.php">' . _("Done") . '</a>]</center><br \
/><br />';
- printf( _("Spam is sent to %s."), \
($filters_spam_folder?'<b>'.htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not \
set yet").'</i>]' ) ); + printf( _("Spam is sent to %s."), \
($filters_spam_folder?'<b>'.sm_encode_html_special_chars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not \
set yet").'</i>]' ) ); echo '<br />';
printf( _("Spam scan is limited to %s."), '<b>' . ( ($filters_spam_scan == \
'new')?_("Unread messages only"):_("All messages") ) . '</b>' ); echo '</p>'.
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/fortune/fortune_functions.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/fortune/fortune_functions.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/fortune/fortune_functions.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -30,7 +30,7 @@
if (!$exist) {
$sMsg = sprintf(_("%s is not found."),$fortune_location);
} else {
- $sMsg = htmlspecialchars(shell_exec($fortune_location . ' -s'));
+ $sMsg = sm_encode_html_special_chars(shell_exec($fortune_location . ' -s'));
}
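Review bot: The command on the changed line is still built by plain concatenation, `shell_exec($fortune_location . ' -s')`, and the not-found branch above it puts `$fortune_location` into `$sMsg` without encoding. Where `$fortune_location` is set is not visible here; if it can come from configuration that is not fully trusted, quote it with `escapeshellarg($fortune_location) . ' -s'` and encode it in the message, `sprintf(_("%s is not found."), sm_encode_html_special_chars($fortune_location))`. shell_exec() can also return NULL when the command fails, so an empty result should be handled rather than printed. The enclosing function starts and ends outside the hunk.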
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/info/functions.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/info/functions.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/info/functions.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -30,7 +30,7 @@
$sid = sqimap_session_id();
$results = array();
$query = "$sid ".trim($string)."\r\n";
- print "<tr><td>".htmlspecialchars($query)."</td></tr>";
+ print "<tr><td>".sm_encode_html_special_chars($query)."</td></tr>";
fputs ($imap_stream, $query);
$response = sqimap_read_data_list($imap_stream, $sid, false, $responses, \
$message); array_push($response, $message);
@@ -43,7 +43,7 @@
print_response($value);
}
else {
- print htmlspecialchars($value)."<br>\n";
+ print sm_encode_html_special_chars($value)."<br>\n";
}
}
}
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/info/options.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/info/options.php 2012-09-18 17:43:15 \
UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/info/options.php 2012-12-09 11:58:17 \
UTC (rev 14345) @@ -75,7 +75,7 @@
print "<tr><td bgcolor=\"".$color[4]."\"><b>Server Capability response:</b><br>\n";
foreach($caps_array[0] as $value) {
- print htmlspecialchars($value);
+ print sm_encode_html_special_chars($value);
}
print "</td></tr><tr><td>\n";
@@ -94,8 +94,8 @@
}
}
else {
- print 'folder_prefix = ' . htmlspecialchars($folder_prefix) . "<br>\n".
- 'default_charset = ' . htmlspecialchars($default_charset) . "\n";
+ print 'folder_prefix = ' . sm_encode_html_special_chars($folder_prefix) . \
"<br>\n". + 'default_charset = ' . \
sm_encode_html_special_chars($default_charset) . "\n"; }
print "<br></td></tr></table></center><br>\n";
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/listcommands/mailout.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/listcommands/mailout.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/listcommands/mailout.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -39,7 +39,7 @@
$out_string = _("This will send a message to %s requesting that you will be \
unsubscribed from this list. It will try to unsubscribe the adress below."); break;
default:
- error_box(sprintf(_("Unknown action: %s"),htmlspecialchars($action)), $color);
+ error_box(sprintf(_("Unknown action: \
%s"),sm_encode_html_special_chars($action)), $color); exit;
}
@@ -52,7 +52,7 @@
html_tag( 'td', '', 'left' );
-printf( $out_string, htmlspecialchars($send_to) );
+printf( $out_string, sm_encode_html_special_chars($send_to) );
echo '<form method="post" action="../../src/compose.php">'.
'<input type="hidden" name="smtoken" value="' . sm_generate_security_token() . \
'" />'; @@ -65,20 +65,20 @@
echo '<select name="identity">';
foreach($idents as $nr=>$data) {
echo '<option value="' . $nr . '">' .
- htmlspecialchars(
+ sm_encode_html_special_chars(
$data['full_name'].' <'.
$data['email_address'] . ">\n");
}
echo '</select>' . "\n" ;
} else {
- echo htmlspecialchars('"'.$idents[0]['full_name'].'" \
<'.$idents[0]['email_address'].'>'); + echo \
sm_encode_html_special_chars('"'.$idents[0]['full_name'].'" \
<'.$idents[0]['email_address'].'>'); }
echo '<br /><br />'
-. '<input type="hidden" name="send_to" value="' . htmlspecialchars($send_to) . '">'
-. '<input type="hidden" name="subject" value="' . htmlspecialchars($subject) . '">'
-. '<input type="hidden" name="body" value="' . htmlspecialchars($body) . '">'
-. '<input type="hidden" name="mailbox" value="' . htmlspecialchars($mailbox) . '">'
+. '<input type="hidden" name="send_to" value="' . \
sm_encode_html_special_chars($send_to) . '">' +. '<input type="hidden" name="subject" \
value="' . sm_encode_html_special_chars($subject) . '">' +. '<input type="hidden" \
name="body" value="' . sm_encode_html_special_chars($body) . '">' +. '<input \
type="hidden" name="mailbox" value="' . \
sm_encode_html_special_chars($mailbox) . '">'
. '<input type="submit" name="send" value="' . _("Send Mail") . '"><br /><br />'
. '</form></td></tr></table></body></html>';
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/fetch.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/fetch.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/fetch.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -34,7 +34,7 @@
function Mail_Fetch_Status($msg) {
echo html_tag( 'table',
html_tag( 'tr',
- html_tag( 'td', htmlspecialchars( $msg ) , 'left' )
+ html_tag( 'td', sm_encode_html_special_chars( $msg ) , 'left' )
),
'', '', 'width="90%"' );
flush();
@@ -82,7 +82,7 @@
'<option value="all" selected>..' . _("All") . "...\n";
for ($i=0;$i<$mailfetch_server_number;$i++) {
echo "<option value=\"$i\">" .
- htmlspecialchars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) \
. + sm_encode_html_special_chars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) \
. '</option>' . "\n";
}
echo '</select>' .
@@ -94,7 +94,7 @@
if ($mailfetch_pass_[$i]=='') {
echo html_tag( 'tr',
html_tag( 'td', _("Password for") . ' <b>' .
- \
htmlspecialchars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) \
. + \
sm_encode_html_special_chars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) \
. '</b>: ',
'right' ) .
html_tag( 'td', '<input type="password" name="pass_' . $i . \
'">', 'left' ) @@ -137,7 +137,7 @@
html_tag( 'table',
html_tag( 'tr',
html_tag( 'td', '<b>' . _("Fetching from ") .
- htmlspecialchars((($mailfetch_alias_[$i_loop] == \
'')?$mailfetch_server:$mailfetch_alias_[$i_loop])) . + \
sm_encode_html_special_chars((($mailfetch_alias_[$i_loop] == \
'')?$mailfetch_server:$mailfetch_alias_[$i_loop])) . '</b>',
'center' ) ,
'', $color[9] ) ,
@@ -227,7 +227,7 @@
}
$Count = $pop3->login($mailfetch_user, $mailfetch_pass);
if (($Count == false || $Count == -1) && $pop3->ERROR != '') {
- Mail_Fetch_Status(_("Login Failed:") . ' ' . \
htmlspecialchars($pop3->ERROR) ); + Mail_Fetch_Status(_("Login \
Failed:") . ' ' . sm_encode_html_special_chars($pop3->ERROR) ); \
Mail_Fetch_Status(_("Saving UIDL"));
setPref($data_dir,$username,"mailfetch_uidl_$i_loop", \
$mailfetch_uidl[$i-1]);
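Review bot: `Mail_Fetch_Status()` already encodes its argument (hunk @@ -34 of this file), so encoding `$pop3->ERROR` again at the call on the changed line encodes the text twice, and an `&` or `<` in a server error will be shown as a literal entity. The same applies to the `Delete failed:` call in hunk @@ -266. Pass the raw string and let the function encode it once: `Mail_Fetch_Status(_("Login Failed:") . ' ' . $pop3->ERROR);`. The double encoding was already there with htmlspecialchars() before this commit; the enclosing block continues outside the hunk.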
@@ -266,7 +266,7 @@
if( $pop3->delete($i) ) {
Mail_Fetch_Status(sprintf(_("Message %d deleted from remote \
server!"), $i)); } else {
- Mail_Fetch_Status(_("Delete failed:") . \
htmlspecialchars($pop3->ERROR) ); + Mail_Fetch_Status(_("Delete \
failed:") . sm_encode_html_special_chars($pop3->ERROR) ); }
}
} else {
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -316,7 +316,7 @@
echo '<b>' . _("Server Name:") . '</b> <select name="mf_sn">';
for ($i=0;$i<$mailfetch_server_number;$i++) {
echo "<option value=\"$i\">" .
- htmlspecialchars( \
(($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . \
"</option>"; + sm_encode_html_special_chars( \
(($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . \
"</option>"; }
echo '</select>'.
' <INPUT TYPE=submit name=mf_action_mod value="' . \
_("Modify") . '">'. @@ -342,7 +342,7 @@
html_tag( 'td',
"<INPUT TYPE=\"hidden\" NAME=\"mf_sn\" VALUE=\"$mf_sn\">" .
'<INPUT TYPE="hidden" NAME="mf_action" \
VALUE="confirm_delete">' .
- '<br>' . _("Selected Server:") . " <b>" . \
htmlspecialchars($mailfetch_server_[$mf_sn]) . "</b><br>" . + \
'<br>' . _("Selected Server:") . " <b>" . \
sm_encode_html_special_chars($mailfetch_server_[$mf_sn]) . "</b><br>" \
.
_("Confirm delete of selected server?") . '<br><br>' .
'<input type=submit name=submit_mailfetch value="' . \
_("Confirm Delete") . '">' . '<br></form>' ,
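Review bot: The hidden field in the context line above the change is written as `VALUE=\"$mf_sn\"` with `$mf_sn` interpolated raw, while the server name next to it is encoded. Where `$mf_sn` is validated is not visible in this hunk; if it is taken from the request, cast it once with `$mf_sn = (int) $mf_sn;` or encode it at output, `VALUE=\"" . sm_encode_html_special_chars($mf_sn) . "\"`. The `html_tag()` expression starts and ends outside the hunk.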
@@ -369,23 +369,23 @@
html_tag( 'table' ) .
html_tag( 'tr',
html_tag( 'th', _("Server:"), 'right' ) .
- html_tag( 'td', '<input type="text" name="mf_server" value="' . \
htmlspecialchars($mailfetch_server_[$mf_sn]) . '" size="40">', 'left' ) + \
html_tag( 'td', '<input type="text" name="mf_server" value="' . \
sm_encode_html_special_chars($mailfetch_server_[$mf_sn]) . '" size="40">', 'left' ) \
) . html_tag( 'tr',
html_tag( 'th', _("Port:"), 'right' ) .
- html_tag( 'td', '<input type="text" name="mf_port" value="' . \
htmlspecialchars($mailfetch_port_[$mf_sn]) . '" size="40">', 'left' ) + \
html_tag( 'td', '<input type="text" name="mf_port" value="' . \
sm_encode_html_special_chars($mailfetch_port_[$mf_sn]) . '" size="40">', 'left' ) ) \
. html_tag( 'tr',
html_tag( 'th', _("Alias:"), 'right' ) .
- html_tag( 'td', '<input type="text" name="mf_alias" value="' . \
htmlspecialchars($mailfetch_alias_[$mf_sn]) . '" size="40">', 'left' ) + \
html_tag( 'td', '<input type="text" name="mf_alias" value="' . \
sm_encode_html_special_chars($mailfetch_alias_[$mf_sn]) . '" size="40">', 'left' ) ) \
. html_tag( 'tr',
html_tag( 'th', _("Username:"), 'right' ) .
- html_tag( 'td', '<input type="text" name="mf_user" value="' . \
htmlspecialchars($mailfetch_user_[$mf_sn]) . '" size="20">', 'left' ) + \
html_tag( 'td', '<input type="text" name="mf_user" value="' . \
sm_encode_html_special_chars($mailfetch_user_[$mf_sn]) . '" size="20">', 'left' ) ) \
. html_tag( 'tr',
html_tag( 'th', _("Password:"), 'right' ) .
- html_tag( 'td', '<input type="password" name="mf_pass" value="' \
. htmlspecialchars($mailfetch_pass_[$mf_sn]) . '" size="20">', 'left' ) + \
html_tag( 'td', '<input type="password" name="mf_pass" value="' . \
sm_encode_html_special_chars($mailfetch_pass_[$mf_sn]) . '" size="20">', 'left' ) ) \
. html_tag( 'tr' ) .
html_tag( 'th', _("Store in Folder:"), 'right' ) .
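Review bot: The `mf_pass` field on the changed line is pre-filled with the stored password, `value="' . sm_encode_html_special_chars($mailfetch_pass_[$mf_sn]) . '"`, so the remote account's password is sent back in the page source every time the form is opened and can end up in browser caches or anything that records responses. Encoding keeps the markup intact but does not protect the secret. Consider rendering the field empty and keeping the stored value when the submitted field is blank; that needs a matching change in the save handler, which is outside this hunk.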
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/message_details/message_details_bottom.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/message_details/message_details_bottom.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/message_details/message_details_bottom.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -215,7 +215,7 @@
$entities["$entStr"]['contenttype']=$reg[2].'/'.$reg[3];
}
} else if (!$nameset && preg_match("/^.*(name=\s*)\"(.*)\".*/i",$line,$reg)) {
- $name = htmlspecialchars($reg[2]);
+ $name = sm_encode_html_special_chars($reg[2]);
$content[$content_indx]['name'] = decodeHeader($name);
$nameset = true;
if (isset($entities["$entStr"])) {
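Review bot: On the changed line the attachment name is HTML-encoded before it is passed to `decodeHeader()`, so any encoded-words in the header are decoded after the escaping has already been applied. Whether `decodeHeader()` encodes its own output is not visible here: if it does, plain names are encoded twice, and if it does not, decoded text reaches `$content[$content_indx]['name']` unescaped. Decoding first and encoding once at the point of output would remove the ambiguity, for example `$name = decodeHeader($reg[2]);` after checking what `decodeHeader()` does with HTML special characters. The enclosing loop starts and ends outside the hunk.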
@@ -246,7 +246,7 @@
}
}
*/
- $line = htmlspecialchars($line);
+ $line = sm_encode_html_special_chars($line);
$message_body .= "$pre"."$line"."$end".'<br />'."\r\n";
}
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/newmail_opt.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/newmail_opt.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/newmail_opt.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -159,8 +159,8 @@
if ($fname == $media) {
echo 'selected="selected" ';
}
- echo 'value="' . htmlspecialchars($fname) . '">' .
- htmlspecialchars($entry) . "</option>\n";
+ echo 'value="' . sm_encode_html_special_chars($fname) . '">' .
+ sm_encode_html_special_chars($entry) . "</option>\n";
}
}
$d->close();
@@ -174,8 +174,8 @@
html_tag( 'tr', "\n" .
html_tag( 'td', _("Current File:"), 'right', '', 'nowrap' ) .
html_tag( 'td', '<input type="hidden" value="' .
- htmlspecialchars($media) . '" name="media_default">' .
- htmlspecialchars($media_output) . '', 'left' )
+ sm_encode_html_special_chars($media) . '" \
name="media_default">' . + \
sm_encode_html_special_chars($media_output) . '', 'left' ) ) . "\n";
}
echo html_tag( 'tr', "\n" .
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/setup.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/setup.php 2012-09-18 17:43:15 \
UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/setup.php 2012-12-09 11:58:17 \
UTC (rev 14345) @@ -242,7 +242,7 @@
if ($totalNew > 0 && $newmail_enable == 'on' && $newmail_media != '' && \
$newmail_media != '(none)') {
$newmail_media=sqm_baseuri().'plugins/newmail/sounds/'.basename($newmail_media);
- echo '<embed src="'.htmlspecialchars($newmail_media)
+ echo '<embed src="'.sm_encode_html_special_chars($newmail_media)
."\" hidden=\"true\" autostart=\"true\" width=\"2\" \
height=\"2\">\n"; }
if ($totalNew > 0 && $newmail_popup == 'on') {
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/testsound.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/testsound.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/newmail/testsound.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -34,7 +34,7 @@
echo html_tag( 'table',
html_tag( 'tr',
html_tag( 'td',
- '<embed src="'.htmlspecialchars($sound).'" hidden="true" \
autostart="true" width="2" height="2">'. + '<embed \
src="'.sm_encode_html_special_chars($sound).'" hidden="true" autostart="true" \
width="2" height="2">'. '<br>'.
'<b>' . _("Loading the sound...") . '</b><br>'.
'<form>'.
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/options.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/options.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/options.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -130,7 +130,7 @@
'<small>(' . _("see below") . ')</small>','right','','valign="top"');
?>
<td valign="top"><form method="post" action="options.php">
- <input type="text" size="30" name="ID" value="<?php echo \
htmlspecialchars($spamcop_id) ?>" /> + <input type="text" size="30" name="ID" \
value="<?php echo sm_encode_html_special_chars($spamcop_id) ?>" /> <input \
type="hidden" name="action" value="save_id" /> <?php
echo '<input type="submit" value="' . _("Save ID") . "\" />\n";
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/spamcop.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/spamcop.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/spamcop.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -130,8 +130,8 @@
echo '<input type="button" value="' . _("Close Window") . "\" \
onClick=\"window.close(); return true;\" />\n"; } else {
?><form method="post" action="<?php echo sqm_baseuri(); ?>src/right_main.php">
- <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) \
?>" />
- <input type="hidden" name="startMessage" value="<?php echo \
htmlspecialchars($startMessage) ?>" /> + <input type="hidden" name="mailbox" \
value="<?php echo sm_encode_html_special_chars($mailbox) ?>" /> + <input \
type="hidden" name="startMessage" value="<?php echo \
sm_encode_html_special_chars($startMessage) ?>" /> <?php
echo '<input type="submit" value="' . _("Cancel / Done") . "\" />\n";
}
@@ -147,9 +147,9 @@
$form_action = sqm_baseuri() . 'src/compose.php';
?> <form method="post" action="<?php echo $form_action?>">
<input type="hidden" name="smtoken" value="<?php echo \
sm_generate_security_token(); ?>" />
- <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) \
?>" />
- <input type="hidden" name="spamcop_is_composing" value="<?php echo \
htmlspecialchars($passed_id) ?>" />
- <input type="hidden" name="send_to" value="<?php echo \
htmlspecialchars($report_email)?>" /> + <input type="hidden" name="mailbox" \
value="<?php echo sm_encode_html_special_chars($mailbox) ?>" /> + <input \
type="hidden" name="spamcop_is_composing" value="<?php echo \
sm_encode_html_special_chars($passed_id) ?>" /> + <input type="hidden" \
name="send_to" value="<?php echo sm_encode_html_special_chars($report_email)?>" /> \
<input type="hidden" name="subject" value="reply anyway" /> <input type="hidden" \
name="identity" value="0" /> <input type="hidden" name="session" value="<?php echo \
$session?>" /> @@ -171,7 +171,7 @@
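Review bot: In hunk @@ -147 the hidden `session` field is still written as `<?php echo $session?>`, while the other hidden fields of the same form that carry variables now go through the helper. Where `$session` is set is not visible; if it comes from the request it should be cast to an integer or encoded like its neighbours, `<?php echo sm_encode_html_special_chars($session) ?>`. The form continues outside the hunk.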
} ?>
<input type="hidden" name="action" value="submit" />
<input type="hidden" name="oldverbose" value="1" />
- <input type="hidden" name="spam" value="<?php echo \
htmlspecialchars($spam_message); ?>" /> + <input type="hidden" name="spam" \
value="<?php echo sm_encode_html_special_chars($spam_message); ?>" /> <?php
echo '<input type="submit" name="x1" value="' . _("Send Spam Report") . "\" />";
}
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/check_me.mod
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/check_me.mod 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/check_me.mod 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -95,7 +95,7 @@
$spell_proc = @proc_open($sqspell_command, $descriptorspec, $pipes);
if ( ! is_resource ( $spell_proc ) ) {
error_box ( sprintf(_("Could not run the spellchecker command (%s)."),
- htmlspecialchars($sqspell_command) ) , $color );
+ sm_encode_html_special_chars($sqspell_command) ) , $color );
// close html tags and abort script.
echo "</body></html>";
exit();
@@ -133,14 +133,14 @@
$fp = @fopen($floc, 'w');
if ( ! is_resource ($fp) ) {
error_box ( sprintf(_("Could not open temporary file '%s'."),
- htmlspecialchars($floc) ) , $color );
+ sm_encode_html_special_chars($floc) ) , $color );
// failed to open temp file. abort script.
echo "</body></html>";
exit();
}
if ( ! @fwrite($fp, $sqspell_new_text) ) {
error_box ( sprintf(_("Error while writing to temporary file '%s'."),
- htmlspecialchars($floc) ) , $color );
+ sm_encode_html_special_chars($floc) ) , $color );
// close file descriptor
fclose($fp);
// failed writing to temp file. abort script.
@@ -159,7 +159,7 @@
$msg= "<div align='center'>"
. sprintf(_("I tried to execute '%s', but it returned:"),
$sqspell_command) . "<pre>"
- . htmlspecialchars(join("\n", $sqspell_output)) . '</pre>'
+ . sm_encode_html_special_chars(join("\n", $sqspell_output)) . '</pre>'
. '<form onsubmit="return false">'
. '<input type="submit" value=" ' . _("Close")
. ' " onclick="self.close()" /></form></div>';
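Review bot: `$sqspell_command` is inserted into `$msg` raw in the `sprintf()` just above the changed line, while the error path in hunk @@ -95 encodes the same variable before display. For consistency, and so that a command string containing `<`, `&` or quotes cannot break the markup, encode it here too: `sprintf(_("I tried to execute '%s', but it returned:"), sm_encode_html_special_chars($sqspell_command))`. The statement that builds `$msg` is complete in the hunk; the enclosing block is not.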
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -82,8 +82,8 @@
$msg .= "</td><td valign=\"top\">\n";
}
$msg .= '<input type="checkbox" name="words_ary[]" '
- . 'value="' . htmlspecialchars($words_ary[$j]) . '" /> '
- . htmlspecialchars($words_ary[$j])."<br>\n";
+ . 'value="' . sm_encode_html_special_chars($words_ary[$j]) . '" /> '
+ . sm_encode_html_special_chars($words_ary[$j])."<br>\n";
}
$msg .= '</td></tr></table></td></tr>'
. "<tr bgcolor=\"$color[0]\" align=\"center\"><td>"
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/forget_me.mod
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/forget_me.mod 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/forget_me.mod 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -39,7 +39,7 @@
* Remove word by word...
*/
$lang_words=str_replace("$words_ary[$i]\n", "", $lang_words);
- $msg .= '<li>' . htmlspecialchars($words_ary[$i]) . "</li>\n";
+ $msg .= '<li>' . sm_encode_html_special_chars($words_ary[$i]) . "</li>\n";
}
$new_words_ary=split("\n", $lang_words);
/**
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/lang_change.mod
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/lang_change.mod 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/lang_change.mod 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -74,11 +74,11 @@
$lang_array = explode( ',', $lang_string );
$dsp_string = '';
foreach( $lang_array as $a) {
- $dsp_string .= _(htmlspecialchars(trim($a))) . _(", ");
+ $dsp_string .= _(sm_encode_html_special_chars(trim($a))) . _(", ");
}
$dsp_string = substr( $dsp_string, 0, -2 );
$msg = '<p>'
- . sprintf(_("Settings adjusted to: %s with %s as default dictionary."), \
'<strong>'.$dsp_string.'</strong>', \
'<strong>'._(htmlspecialchars($lang_default)).'</strong>') + . sprintf(_("Settings \
adjusted to: %s with %s as default dictionary."), '<strong>'.$dsp_string.'</strong>', \
'<strong>'._(sm_encode_html_special_chars($lang_default)).'</strong>')
. '</p>';
} else {
/**
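Review bot: Both changed lines encode the string before the gettext lookup, `_(sm_encode_html_special_chars(trim($a)))`, so the msgid that is looked up is the encoded form and the translation that comes back is printed unencoded. Swapping the calls keeps the lookup on the raw name and encodes what is actually output: `sm_encode_html_special_chars(_(trim($a)))`, and likewise for `$lang_default`. The enclosing `if` block starts outside the hunk.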
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/translate/setup.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/translate/setup.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/translate/setup.php 2012-12-09 \
11:58:17 UTC (rev 14345) @@ -226,7 +226,7 @@
}
if (! is_null($charset))
- echo ' accept-charset="'.htmlspecialchars($charset).'"';
+ echo ' accept-charset="'.sm_encode_html_special_chars($charset).'"';
echo ">\n";
@@ -251,7 +251,7 @@
<input type="hidden" name="doit" value="done" />
<input type="hidden" name="intl" value="1" />
<input type="hidden" name="tt" value="urltext" />
- <input type="hidden" name="urltext" value="<?php echo \
htmlspecialchars($message); ?>" /> + <input type="hidden" name="urltext" \
value="<?php echo sm_encode_html_special_chars($message); ?>" /> <select \
name="lp"><?php echo translate_lang_opt('zh_CN', '', 'zh_en',
sprintf( _("%s to %s"),_("Chinese, \
Simplified"),_("English"))) .
Modified: branches/SM-1_4-STABLE/squirrelmail/src/addrbook_search.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/addrbook_search.php 2012-09-18 17:43:15 \
UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/addrbook_search.php 2012-12-09 11:58:17 \
UTC (rev 14345) @@ -138,7 +138,7 @@
echo "</tr>\n";
while (list($undef, $row) = each($res)) {
- $email = htmlspecialchars(addcslashes(AddressBook::full_address($row), "'"), \
ENT_QUOTES); + $email = \
sm_encode_html_special_chars(addcslashes(AddressBook::full_address($row), "'"), \
ENT_QUOTES); if ($line % 2) {
$tr_bgcolor = $color[12];
} else {
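Review bot: `$email` ends up inside a single-quoted JavaScript string in the `javascript:` links of the next hunk, but `addcslashes(..., "'")` on the changed line escapes only the quote character. A backslash or a line break in an address book entry is passed through, and the HTML encoding does not help because the browser decodes the attribute before the script is parsed, so the value is not safely escaped for that context. Add at least the backslash and line breaks to the escape list before the HTML encoding, `addcslashes(AddressBook::full_address($row), "\\'\r\n")`. The `while` loop continues outside the hunk.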
@@ -153,12 +153,12 @@
'<a href="javascript:bcc_address(' .
"'" . $email . "');\">"._("Bcc")."</a></small>",
'center', '', 'valign="top" width="5%" nowrap' ) .
- html_tag( 'td', ' ' . htmlspecialchars($row['name']), 'left', '', \
'valign="top" nowrap' ) . + html_tag( 'td', ' ' . \
sm_encode_html_special_chars($row['name']), 'left', '', 'valign="top" nowrap' ) . \
html_tag( 'td', ' ' . '<a href="javascript:to_and_close(' .
- "'" . $email . "');\">" . htmlspecialchars($row['email']) . '</a>'
+ "'" . $email . "');\">" . \
sm_encode_html_special_chars($row['email']) . '</a>' , 'left', '', 'valign="top"' ) \
.
- html_tag( 'td', htmlspecialchars($row['label']), 'left', '', 'valign="top" \
nowrap' ); + html_tag( 'td', sm_encode_html_special_chars($row['label']), \
'left', '', 'valign="top" nowrap' ); if ($includesource) {
echo html_tag( 'td', ' ' . $row['source'], 'left', '', \
'valign="top" nowrap' ); }
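Review bot: `$row['source']` in the trailing context line is written into the table cell without encoding, while `name`, `email` and `label` in the same row all pass through `sm_encode_html_special_chars()`. If the source label can carry text that is not fixed by the administrator (where it comes from is not shown in this hunk), it should be treated the same way by wrapping it as `sm_encode_html_special_chars($row['source'])`. The `if ($includesource)` block belongs to a loop that starts outside the hunk.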
Modified: branches/SM-1_4-STABLE/squirrelmail/src/addrbook_search_html.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/addrbook_search_html.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/addrbook_search_html.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -136,15 +136,15 @@
echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) .
html_tag( 'td',
'<input type="checkbox" name="send_to_search[T' . $line . ']" value = \
"' .
- htmlspecialchars($email) . '" /> ' . _("To") . ' ' .
+ sm_encode_html_special_chars($email) . '" /> ' . _("To") . \
' ' .
'<input type="checkbox" name="send_to_search[C' . $line . ']" value = \
"' .
- htmlspecialchars($email) . '" /> ' . _("Cc") . ' ' .
+ sm_encode_html_special_chars($email) . '" /> ' . _("Cc") . \
' ' .
'<input type="checkbox" name="send_to_search[B' . $line . ']" value = \
"' .
- htmlspecialchars($email) . '" /> ' . _("Bcc") . ' ' ,
+ sm_encode_html_special_chars($email) . '" /> ' . _("Bcc") . \
' ' , 'center', '', 'width="5%" nowrap' ) .
- html_tag( 'td', ' ' . htmlspecialchars($row['lastname']) . ' ' . \
htmlspecialchars($row['firstname']) . ' ', 'left', '', 'nowrap' \
) .
- html_tag( 'td', ' ' . htmlspecialchars($row['email']) . ' ', \
'left', '', 'nowrap' ) .
- html_tag( 'td', ' ' . htmlspecialchars($row['label']) . ' ', \
'left', '', 'nowrap' ); + html_tag( 'td', ' ' . \
sm_encode_html_special_chars($row['lastname']) . ' ' . \
sm_encode_html_special_chars($row['firstname']) . ' ', 'left', '', 'nowrap' ) . \
+ html_tag( 'td', ' ' . sm_encode_html_special_chars($row['email']) . \
' ', 'left', '', 'nowrap' ) . + html_tag( 'td', ' ' . \
sm_encode_html_special_chars($row['label']) . ' ', 'left', '', 'nowrap' ); } \
else { echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) .
html_tag( 'td',
@@ -155,9 +155,9 @@
addCheckBox('send_to_search[B'.$line.']', FALSE, $email).
' ' . _("Bcc") . ' ' ,
'center', '', 'width="5%" nowrap' ) .
- html_tag( 'td', ' ' . htmlspecialchars($row['name']) . ' ', \
'left', '', 'nowrap' ) .
- html_tag( 'td', ' ' . htmlspecialchars($row['email']) . ' ', \
'left', '', 'nowrap' ) .
- html_tag( 'td', ' ' . htmlspecialchars($row['label']) . ' ', \
'left', '', 'nowrap' ); + html_tag( 'td', ' ' . \
sm_encode_html_special_chars($row['name']) . ' ', 'left', '', 'nowrap' ) . + \
html_tag( 'td', ' ' . sm_encode_html_special_chars($row['email']) . ' ', \
'left', '', 'nowrap' ) . + html_tag( 'td', ' ' . \
sm_encode_html_special_chars($row['label']) . ' ', 'left', '', 'nowrap' ); }
if ($includesource) {
Modified: branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -345,7 +345,7 @@
html_tag( 'tr',
html_tag( 'td',
"\n". '<strong><font color="' . \
$color[2] .
- '">' . _("ERROR") . ': ' . \
htmlspecialchars($abook->error) . '</font></strong>' ."\n",
+ \
'">' . _("ERROR") . ': ' . sm_encode_html_special_chars($abook->error) . \
'</font></strong>' ."\n",
'center' )
),
'center', '', 'width="100%"' );
@@ -400,7 +400,7 @@
html_tag( 'tr',
html_tag( 'td',
"\n". '<br /><strong><font color="' . $color[2] .
- '">' . _("ERROR") . ': ' . htmlspecialchars($formerror) . \
'</font></strong>' ."\n",
+ '">' . _("ERROR") . ': ' . \
sm_encode_html_special_chars($formerror) . '</font></strong>' ."\n",
'center' )
),
'center', '', 'width="100%"' );
@@ -412,7 +412,7 @@
/* Get and sort address list */
$alist = $abook->list_addr();
if(!is_array($alist)) {
- $abook->error = htmlspecialchars($abook->error);
+ $abook->error = sm_encode_html_special_chars($abook->error);
plain_error_message($abook->error, $color);
exit;
}
@@ -522,8 +522,8 @@
' ' ,
'center', '', 'valign="top" width="1%"' );
}
- echo html_tag( 'td', ' <label for="' . $row['backend'] . '_' . \
urlencode($row['nickname']) . '">' . htmlspecialchars($row['nickname']) . \
'</label> ', 'left', '', 'valign="top" width="10%" nowrap' ) .
- html_tag( 'td', ' <label for="' . $row['backend'] . '_' . \
urlencode($row['nickname']) . '">' . htmlspecialchars($row['lastname']) . ' ' . \
htmlspecialchars($row['firstname']) . '</label> ', 'left', '', 'valign="top" \
width="10%" nowrap' ) . + echo html_tag( 'td', ' <label for="' . \
$row['backend'] . '_' . urlencode($row['nickname']) . '">' . \
sm_encode_html_special_chars($row['nickname']) . '</label> ', 'left', '', \
'valign="top" width="10%" nowrap' ) . + html_tag( 'td', \
' <label for="' . $row['backend'] . '_' . urlencode($row['nickname']) . '">' . \
sm_encode_html_special_chars($row['lastname']) . ' ' . \
sm_encode_html_special_chars($row['firstname']) . '</label> ', 'left', '', \
'valign="top" width="10%" nowrap' ) .
html_tag( 'td', '', 'left', '', 'valign="top" width="10%" \
nowrap' ) . ' '; } else {
echo html_tag( 'tr', '', '', $tr_bgcolor);
@@ -538,16 +538,16 @@
' ' ,
'center', '', 'valign="top" width="1%"' );
}
- echo html_tag( 'td', ' <label for="' . $row['backend'] . '_' . \
urlencode($row['nickname']) . '">' . htmlspecialchars($row['nickname']) . \
'</label> ', 'left', '', 'valign="top" width="10%" nowrap' ) .
- html_tag( 'td', ' <label for="' . $row['backend'] . '_' . \
urlencode($row['nickname']) . '">' . htmlspecialchars($row['name']) . \
'</label> ', 'left', '', 'valign="top" width="10%" nowrap' ) . + \
echo html_tag( 'td', ' <label for="' . $row['backend'] . '_' . \
urlencode($row['nickname']) . '">' . sm_encode_html_special_chars($row['nickname']) . \
'</label> ', 'left', '', 'valign="top" width="10%" nowrap' ) . + \
html_tag( 'td', ' <label for="' . $row['backend'] . '_' . \
urlencode($row['nickname']) . '">' . sm_encode_html_special_chars($row['name']) . \
'</label> ', 'left', '', 'valign="top" width="10%" nowrap' ) .
html_tag( 'td', '', 'left', '', 'valign="top" width="10%" \
nowrap' ) . ' '; }
$email = $abook->full_address($row);
echo addHidden($row['backend'] . ':' . $row['nickname'], \
rawurlencode($email))
. makeComposeLink('src/compose.php?send_to='.rawurlencode($email),
- htmlspecialchars($row['email'])).
+ sm_encode_html_special_chars($row['email'])).
' </td>'."\n".
- html_tag( 'td', ' <label for="' . $row['backend'] . '_' . \
urlencode($row['nickname']) . '">' . htmlspecialchars($row['label']) . \
'</label> ', 'left', '', 'valign="top" width="10%"' ); + \
html_tag( 'td', ' <label for="' . $row['backend'] . '_' . \
urlencode($row['nickname']) . '">' . sm_encode_html_special_chars($row['label']) . \
'</label> ', 'left', '', 'valign="top" width="10%"' );
// add extra column if third party backend needs it
if ($abook->add_extra_field) {
Modified: branches/SM-1_4-STABLE/squirrelmail/src/compose.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/compose.php 2012-09-18 17:43:15 UTC (rev \
14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/compose.php 2012-12-09 11:58:17 UTC (rev \
14345)
@@ -1236,7 +1236,7 @@
if (isset($identity) && $identity == $nr) {
echo ' selected="selected"';
}
- echo '>' . htmlspecialchars(
+ echo '>' . sm_encode_html_special_chars(
$data['full_name'] . ' <' .
$data['email_address'] . '>') .
"</option>\n";
@@ -1303,10 +1303,10 @@
} else {
echo "\n\n".($prefix_sig==true? "-- \
\n":'').decodeHeader($signature,false,false,true);
}
- echo "\n\n".htmlspecialchars(decodeHeader($body,false,false,true));
+ echo "\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false,true));
}
else {
- echo "\n\n".htmlspecialchars(decodeHeader($body,false,false,true));
+ echo "\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false,true));
if ($default_charset == 'iso-2022-jp') {
echo "\n\n".($prefix_sig==true? "-- \
\n":'').mb_convert_encoding($signature, 'EUC-JP');
}else{
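Review bot: `$signature` is echoed into the textarea without HTML encoding in both context branches (`decodeHeader($signature,false,false,true)` and `mb_convert_encoding($signature, 'EUC-JP')`), while `$body`, passed through the same `decodeHeader()` call, is encoded. Unless the signature is encoded before this point, which the hunk does not show, markup stored in a signature would be interpreted by the browser instead of being shown as text. Wrapping the output, for example `sm_encode_html_special_chars(decodeHeader($signature,false,false,true))`, makes the two values consistent. The enclosing function starts and ends outside the hunk.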
@@ -1314,7 +1314,7 @@
}
}
} else {
- echo htmlspecialchars(decodeHeader($body,false,false,true));
+ echo sm_encode_html_special_chars(decodeHeader($body,false,false,true));
}
echo '</textarea><br />' . "\n" .
' </td>' . "\n" .
@@ -1763,7 +1763,7 @@
return $succes;
} else {
$msg = '<br />'.sprintf(_("Error: Draft folder %s does not exist."),
- htmlspecialchars($draft_folder));
+ sm_encode_html_special_chars($draft_folder));
plain_error_message($msg, $color);
return false;
}
Modified: branches/SM-1_4-STABLE/squirrelmail/src/configtest.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/configtest.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/configtest.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -156,7 +156,7 @@
|| strpos($variables_order, 'P') === FALSE
|| strpos($variables_order, 'C') === FALSE
|| strpos($variables_order, 'S') === FALSE) {
- do_err('Your variables_order setting is insufficient for SquirrelMail to \
function. It needs at least "GPCS", but you have it set to "' . \
htmlspecialchars($variables_order) . '"', true); + do_err('Your variables_order \
setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but \
you have it set to "' . sm_encode_html_special_chars($variables_order) . '"', true); \
} else { echo $IND . "variables_order OK: $variables_order.<br />\n";
}
@@ -179,7 +179,7 @@
else if (strpos($gpc_order, 'G') === FALSE
|| strpos($gpc_order, 'P') === FALSE
|| strpos($gpc_order, 'C') === FALSE) {
- do_err('Your gpc_order setting is insufficient for SquirrelMail to function. \
It needs to be set to "GPC", but you have it set to "' . htmlspecialchars($gpc_order) \
. '"', true); + do_err('Your gpc_order setting is insufficient for \
SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . \
sm_encode_html_special_chars($gpc_order) . '"', true); } else {
echo $IND . "gpc_order OK: $gpc_order.<br />\n";
}
@@ -310,7 +310,7 @@
ob_end_clean();
// if plugins output more than newlines and spacing, stop script execution.
if (!empty($output)) {
- $plugin_load_error = 'Some output is produced when plugins are loaded. \
Usually this means there is an error in one of the plugin setup or configuration \
files. The output was: '.htmlspecialchars($output); + $plugin_load_error = \
'Some output is produced when plugins are loaded. Usually this means there is an \
error in one of the plugin setup or configuration files. The output was: \
'.sm_encode_html_special_chars($output); do_err($plugin_load_error);
}
/**
@@ -354,9 +354,9 @@
echo $IND . "Default language OK.<br />\n";
}
-echo $IND . "Base URL detected as: <tt>" . htmlspecialchars($test_location) .
+echo $IND . "Base URL detected as: <tt>" . \
sm_encode_html_special_chars($test_location) .
"</tt> (location base " . (empty($config_location_base) ? 'autodetected' : 'set \
to <tt>' .
- htmlspecialchars($config_location_base)."</tt>") . ")<br />\n";
+ sm_encode_html_special_chars($config_location_base)."</tt>") . ")<br />\n";
/* check outgoing mail */
@@ -386,20 +386,20 @@
$errorNumber, $errorString);
if(!$stream) {
do_err("Error connecting to SMTP server \"$smtpServerAddress:$smtpPort\".".
- "Server error: ($errorNumber) ".htmlspecialchars($errorString));
+ "Server error: ($errorNumber) \
".sm_encode_html_special_chars($errorString)); }
// check for SMTP code; should be 2xx to allow us access
$smtpline = fgets($stream, 1024);
if(((int) $smtpline{0}) > 3) {
do_err("Error connecting to SMTP server. Server error: ".
- htmlspecialchars($smtpline));
+ sm_encode_html_special_chars($smtpline));
}
fputs($stream, 'QUIT');
fclose($stream);
echo $IND . 'SMTP server OK (<tt><small>'.
- trim(htmlspecialchars($smtpline))."</small></tt>)<br />\n";
+ trim(sm_encode_html_special_chars($smtpline))."</small></tt>)<br />\n";
/* POP before SMTP */
if($pop_before_smtp) {
@@ -407,13 +407,13 @@
$stream = fsockopen($pop_before_smtp_host, 110, $err_no, $err_str);
if (!$stream) {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110) "
- . $err_no . ' : ' . htmlspecialchars($err_str));
+ . $err_no . ' : ' . sm_encode_html_special_chars($err_str));
}
$tmp = fgets($stream, 1024);
if (substr($tmp, 0, 3) != '+OK') {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110)"
- . ' '.htmlspecialchars($tmp));
+ . ' '.sm_encode_html_special_chars($tmp));
}
fputs($stream, 'QUIT');
fclose($stream);
@@ -432,24 +432,24 @@
if(!$stream) {
do_err("Error connecting to IMAP server \"$imapServerAddress:$imapPort\".".
"Server error: ($errorNumber) ".
- htmlspecialchars($errorString));
+ sm_encode_html_special_chars($errorString));
}
/** Is the first response 'OK'? */
$imapline = fgets($stream, 1024);
if(substr($imapline, 0,4) != '* OK') {
do_err('Error connecting to IMAP server. Server error: '.
- htmlspecialchars($imapline));
+ sm_encode_html_special_chars($imapline));
}
echo $IND . 'IMAP server ready (<tt><small>'.
- htmlspecialchars(trim($imapline))."</small></tt>)<br />\n";
+ sm_encode_html_special_chars(trim($imapline))."</small></tt>)<br />\n";
/** Check capabilities */
fputs($stream, "A001 CAPABILITY\r\n");
$capline = fgets($stream, 1024);
-echo $IND . 'Capabilities: <tt>'.htmlspecialchars($capline)."</tt><br />\n";
+echo $IND . 'Capabilities: <tt>'.sm_encode_html_special_chars($capline)."</tt><br \
/>\n";
if($imap_auth_mech == 'login' && stristr($capline, 'LOGINDISABLED') !== FALSE) {
do_err('Your server doesn\'t allow plaintext logins. '.
@@ -581,7 +581,7 @@
$dbh = DB::connect($dsn, true);
if (DB::isError($dbh)) {
- do_err('Database error: '. htmlspecialchars(DB::errorMessage($dbh)) \
. + do_err('Database error: '. \
sm_encode_html_special_chars(DB::errorMessage($dbh)) . ' in ' .$type .' DSN.');
}
$dbh->disconnect();
Modified: branches/SM-1_4-STABLE/squirrelmail/src/folders_rename_getname.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/folders_rename_getname.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/folders_rename_getname.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -64,7 +64,7 @@
if (strpos($displayable_old, $delimiter)) {
$old_name = substr($displayable_old, strrpos($displayable_old, $delimiter)+1);
- $parent = htmlspecialchars(substr($displayable_old,
+ $parent = sm_encode_html_special_chars(substr($displayable_old,
0,
strrpos($displayable_old, $delimiter))
. ' ' . $delimiter);
Modified: branches/SM-1_4-STABLE/squirrelmail/src/login.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/login.php 2012-09-18 17:43:15 UTC (rev \
14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/login.php 2012-12-09 11:58:17 UTC (rev \
14345)
@@ -118,7 +118,7 @@
do_hook('login_cookie');
-$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? \
htmlspecialchars($loginname) : '');
+$loginname_value = (sqGetGlobalVar('loginname', \
$loginname) ? sm_encode_html_special_chars($loginname) : '');
/* Output the javascript onload function. */
Modified: branches/SM-1_4-STABLE/squirrelmail/src/options_highlight.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/options_highlight.php 2012-09-18 17:43:15 \
UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/options_highlight.php 2012-12-09 11:58:17 \
UTC (rev 14345)
@@ -179,11 +179,11 @@
$links,
'left', $color[4], 'width="20%" nowrap' ) .
html_tag( 'td',
- htmlspecialchars($message_highlight_list[$i]['name']) ,
+ \
sm_encode_html_special_chars($message_highlight_list[$i]['name']) , 'left' ) .
html_tag( 'td',
$match_type . ' = ' .
- htmlspecialchars($message_highlight_list[$i]['value']) ,
+ \
sm_encode_html_special_chars($message_highlight_list[$i]['value']) , 'left' ) ,
'', '#' . $message_highlight_list[$i]['color'] ) . "\n";
}
Modified: branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -174,7 +174,7 @@
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
$str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' \
</td>' . "\n";
- $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. \
htmlspecialchars($data) . '"> </td>' . "\n"; + $str .= ' <td> <input type="text" \
name="' . $name . '" size="50" value="'. sm_encode_html_special_chars($data) . '"> \
</td>' . "\n"; $str .= '</tr>';
return $str;
@@ -185,7 +185,7 @@
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
$str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' \
</td>' . "\n";
- $str .= ' <td> <textarea name="' . $name . '" cols="50" rows="5">'. \
htmlspecialchars($data) . '</textarea> </td>' . "\n"; + $str .= ' <td> <textarea \
name="' . $name . '" cols="50" rows="5">'. sm_encode_html_special_chars($data) . \
'</textarea> </td>' . "\n"; $str .= '</tr>';
return $str;
Modified: branches/SM-1_4-STABLE/squirrelmail/src/printer_friendly_bottom.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/printer_friendly_bottom.php 2012-09-18 \
17:43:15 UTC (rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/printer_friendly_bottom.php 2012-12-09 \
11:58:17 UTC (rev 14345)
@@ -131,7 +131,7 @@
) . "\n" .
html_tag( 'tr',
html_tag( 'td', _("Date").': ', 'left' ) .
- html_tag( 'td', htmlspecialchars($date), 'left' )
+ html_tag( 'td', sm_encode_html_special_chars($date), 'left' )
) . "\n" .
html_tag( 'tr',
html_tag( 'td', _("To").': ', 'left','','valign="top"' ) .
@@ -280,7 +280,7 @@
html_tag( 'td',show_readable_size($header->size), 'left') .
'</tr><tr>' .
html_tag( 'td',_("Type:"), 'right') .
- html_tag( 'td',htmlspecialchars($type0).'/'.htmlspecialchars($type1), \
'left') . + html_tag( \
'td',sm_encode_html_special_chars($type0).'/'.sm_encode_html_special_chars($type1), \
'left') . '</tr>';
if (! empty($description)) {
$attachments .= $description;
Modified: branches/SM-1_4-STABLE/squirrelmail/src/read_body.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/read_body.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/read_body.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -458,7 +458,7 @@
$env[_("Cc")] = formatRecipientString($header->cc, "cc");
$env[_("Bcc")] = formatRecipientString($header->bcc, "bcc");
if ($default_use_priority) {
- $env[_("Priority")] = htmlspecialchars(getPriorityStr($header->priority));
+ $env[_("Priority")] = \
sm_encode_html_special_chars(getPriorityStr($header->priority));
}
if ($show_xmailer_default) {
$env[_("Mailer")] = decodeHeader($header->xmailer);
Modified: branches/SM-1_4-STABLE/squirrelmail/src/right_main.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/right_main.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/right_main.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -174,7 +174,7 @@
do_hook('right_main_after_header');
if (isset($note)) {
- echo html_tag( 'div', '<b>' . htmlspecialchars($note) .'</b>', 'center' ) . "<br \
/>\n";
+ echo html_tag( 'div', '<b>' . sm_encode_html_special_chars($note) \
.'</b>', 'center' ) . "<br />\n";
}
if ( sqgetGlobalVar('just_logged_in', $just_logged_in, SQ_SESSION) ) {
Modified: branches/SM-1_4-STABLE/squirrelmail/src/search.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/search.php 2012-09-18 17:43:15 UTC (rev \
14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/search.php 2012-12-09 11:58:17 UTC (rev \
14345)
@@ -238,7 +238,7 @@
$showbox = imap_utf7_decode_local($mailbox);
}
echo html_tag( 'div', '<b><big>' . _("Folder:") . ' '.
- htmlspecialchars($showbox) .'</big></b>','center') . "\n";
+ sm_encode_html_special_chars($showbox) .'</big></b>','center') . "\n";
$msg_cnt_str = get_msgcnt_str(1, $cnt, $cnt);
$toggle_all = get_selectall_link(1, $sort);
@@ -248,7 +248,7 @@
$safe_name = preg_replace("/[^0-9A-Za-z_]/", '_', $mailbox);
$form_name = "FormMsgs" . $safe_name;
echo '<form name="' . $form_name . '" method="post" \
action="move_messages.php">' ."\n" .
- '<input type="hidden" name="mailbox" \
value="'.htmlspecialchars($mailbox).'">' . "\n" . + '<input type="hidden" \
name="mailbox" value="'.sm_encode_html_special_chars($mailbox).'">' . \
"\n" .
'<input type="hidden" name="startMessage" value="1">' . "\n" .
addHidden('smtoken', sm_generate_security_token()) . "\n";
@@ -373,9 +373,9 @@
} else {
echo html_tag( 'tr', '', '', $color[4] );
}
- echo html_tag( 'td', \
htmlspecialchars(imap_utf7_decode_local($saved_attributes['saved_folder'][$i + 1])), \
'left', '', 'width="35%"' )
- . html_tag( 'td', htmlspecialchars($saved_attributes['saved_what'][$i + 1]), \
'left' )
- . html_tag( 'td', htmlspecialchars($saved_attributes['saved_where'][$i + \
1]), 'center' ) + echo html_tag( 'td', \
sm_encode_html_special_chars(imap_utf7_decode_local($saved_attributes['saved_folder'][$i \
+ 1])), 'left', '', 'width="35%"' ) + . html_tag( 'td', \
sm_encode_html_special_chars($saved_attributes['saved_what'][$i + 1]), 'left' ) + \
. html_tag( 'td', sm_encode_html_special_chars($saved_attributes['saved_where'][$i + \
1]), 'center' )
. html_tag( 'td', '', 'right' )
. '<a href="search.php'
. '?mailbox=' . urlencode($saved_attributes['saved_folder'][$i + 1])
@@ -422,9 +422,9 @@
}
if (isset($attributes['search_what'][$i]) &&
!empty($attributes['search_what'][$i])) {
- echo html_tag( 'td', \
htmlspecialchars(imap_utf7_decode_local($attributes['search_folder'][$i])), 'left', \
'', 'width="35%"' )
- . html_tag( 'td', htmlspecialchars($attributes['search_what'][$i]), \
'left' )
- . html_tag( 'td', htmlspecialchars($attributes['search_where'][$i]), \
'center' ) + echo html_tag( 'td', \
sm_encode_html_special_chars(imap_utf7_decode_local($attributes['search_folder'][$i])), \
'left', '', 'width="35%"' ) + . html_tag( 'td', \
sm_encode_html_special_chars($attributes['search_what'][$i]), 'left' ) + \
. html_tag( 'td', sm_encode_html_special_chars($attributes['search_where'][$i]), \
'center' )
. html_tag( 'td', '', 'right' )
. "<a href=\"search.php?count=$i&submit=save&smtoken=" . \
sm_generate_security_token() . '">'
. _("save")
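Review bot: The "save" link in the trailing context lines puts `smtoken` into the query string of a GET request that appears to change state, so the anti-CSRF token can end up in browser history, server logs and Referer headers. A small POST form carrying `addHidden('smtoken', sm_generate_security_token())`, as the form in the -248 hunk of this file already does, would keep the token out of URLs. How long a token stays valid is not visible here, so the exposure window is unknown. The surrounding loop starts and ends outside the hunk.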
Modified: branches/SM-1_4-STABLE/squirrelmail/src/vcard.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/vcard.php 2012-09-18 17:43:15 UTC (rev \
14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/vcard.php 2012-12-09 11:58:17 UTC (rev \
14345)
@@ -97,14 +97,14 @@
} else {
echo '<tr><td align="center">' .
sprintf(_("vCard Version %s is not supported. Some information might not be \
converted correctly."),
- htmlspecialchars($vcard_nice['version'])) .
+ sm_encode_html_special_chars($vcard_nice['version'])) .
"</td></tr>\n";
$vcard_nice['firstname'] = '';
$vcard_nice['lastname'] = '';
}
foreach ($vcard_nice as $k => $v) {
- $v = htmlspecialchars($v);
+ $v = sm_encode_html_special_chars($v);
$v = trim($v);
$vcard_safe[$k] = trim(nl2br($v));
}
@@ -166,44 +166,44 @@
'<select name="addaddr[label]">';
if (isset($vcard_nice['url'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['url']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['url']) .
'">' . _("Web Page") . "</option>\n";
}
if (isset($vcard_nice['adr'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['adr']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['adr']) .
'">' . _("Address") . "</option>\n";
}
if (isset($vcard_nice['title'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['title']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['title']) .
'">' . _("Title") . "</option>\n";
}
if (isset($vcard_nice['org'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['org']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['org']) .
'">' . _("Organization / Department") . "</option>\n";
}
if (isset($vcard_nice['title'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['title']) .
- '; ' . htmlspecialchars($vcard_nice['org']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['title']) .
+ '; ' . sm_encode_html_special_chars($vcard_nice['org']) .
'">' . _("Title & Org. / Dept.") . "</option>\n";
}
if (isset($vcard_nice['tel;work'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['tel;work']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['tel;work']) .
'">' . _("Work Phone") . "</option>\n";
}
if (isset($vcard_nice['tel;home'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['tel;home']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['tel;home']) .
'">' . _("Home Phone") . "</option>\n";
}
if (isset($vcard_nice['tel;cell'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['tel;cell']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['tel;cell']) .
'">' . _("Cellular Phone") . "</option>\n";
}
if (isset($vcard_nice['tel;fax'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['tel;fax']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['tel;fax']) .
'">' . _("Fax") . "</option>\n";
}
if (isset($vcard_nice['note'])) {
- echo '<option value="' . htmlspecialchars($vcard_nice['note']) .
+ echo '<option value="' . sm_encode_html_special_chars($vcard_nice['note']) .
'">' . _("Note") . "</option>\n";
}
echo '</select>';
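Review bot: The combined "Title & Org. / Dept." option is guarded only by `isset($vcard_nice['title'])` but also reads `$vcard_nice['org']`, so a card with a title and no organisation raises an undefined-index notice and yields an option value ending in `; `. The guard should read `if (isset($vcard_nice['title']) && isset($vcard_nice['org'])) {`. The block that builds this select starts outside the hunk.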
@@ -212,7 +212,7 @@
<tr><td colspan="2" align="center">
<?php
echo '<input name="addaddr[email]" type="hidden" value="' .
- htmlspecialchars(!empty($vcard_nice['email;internet'])?$vcard_nice['email;internet']:'') \
. '" />' .
+ sm_encode_html_special_chars(!empty($vcard_nice['email;internet'])?$vcard_nice['email;internet']:'') \
. '" />' .
'<input name="addaddr[firstname]" type="hidden" value="' .
$vcard_safe['firstname'] . '" />' .
'<input name="addaddr[lastname]" type="hidden" value="' .
Modified: branches/SM-1_4-STABLE/squirrelmail/src/view_header.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/view_header.php 2012-09-18 17:43:15 UTC \
(rev 14344)
+++ branches/SM-1_4-STABLE/squirrelmail/src/view_header.php 2012-12-09 11:58:17 UTC \
(rev 14345)
@@ -46,7 +46,7 @@
$cnum = 0;
for ($i=1; $i < count($read); $i++) {
- $line = htmlspecialchars($read[$i]);
+ $line = sm_encode_html_special_chars($read[$i]);
switch (true) {
case (preg_match('/^>/i', $line)):
$second[$i] = $line;