List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[14346] trunk/squirrelmail
From: kink () users ! sourceforge ! net
Date: 2012-12-09 12:06:31
Message-ID: E1ThfeQ-0005kJ-Vl () sfp-svn-2 ! v30 ! ch3 ! sourceforge ! com
Revision: 14346
http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14346&view=rev
Author: kink
Date: 2012-12-09 12:06:30 +0000 (Sun, 09 Dec 2012)
Log Message:
-----------
Replace calls to htmlspecialchars() with sm_encode_html_special_chars().
New function sm_encode_html_special_chars() encodes HTML special
characters by calling htmlspecialchars(). It sets the character set
to ISO-8859-1, to fix compatibility with PHP >= 5.4.
Patch by Paul Lesniewski.
See #3491925
Modified Paths:
--------------
trunk/squirrelmail/class/mime/Rfc822Header.class.php
trunk/squirrelmail/class/template/PHP_Template.class.php
trunk/squirrelmail/class/template/Smarty_Template.class.php
trunk/squirrelmail/class/template/Template.class.php
trunk/squirrelmail/functions/addressbook.php
trunk/squirrelmail/functions/attachment_common.php
trunk/squirrelmail/functions/display_messages.php
trunk/squirrelmail/functions/folder_manip.php
trunk/squirrelmail/functions/forms.php
trunk/squirrelmail/functions/global.php
trunk/squirrelmail/functions/imap_general.php
trunk/squirrelmail/functions/imap_mailbox.php
trunk/squirrelmail/functions/imap_messages.php
trunk/squirrelmail/functions/mailbox_display.php
trunk/squirrelmail/functions/mime.php
trunk/squirrelmail/functions/options.php
trunk/squirrelmail/functions/page_header.php
trunk/squirrelmail/functions/strings.php
trunk/squirrelmail/include/init.php
trunk/squirrelmail/include/languages.php
trunk/squirrelmail/include/options/display.php
trunk/squirrelmail/include/options/personal.php
trunk/squirrelmail/plugins/administrator/options.php
trunk/squirrelmail/plugins/calendar/calendar.php
trunk/squirrelmail/plugins/calendar/calendar_data.php
trunk/squirrelmail/plugins/calendar/day.php
trunk/squirrelmail/plugins/calendar/event_create.php
trunk/squirrelmail/plugins/calendar/event_delete.php
trunk/squirrelmail/plugins/calendar/event_edit.php
trunk/squirrelmail/plugins/change_password/backend/ldap.php
trunk/squirrelmail/plugins/change_password/backend/peardb.php
trunk/squirrelmail/plugins/change_password/options.php
trunk/squirrelmail/plugins/filters/options.php
trunk/squirrelmail/plugins/filters/spamoptions.php
trunk/squirrelmail/plugins/fortune/functions.php
trunk/squirrelmail/plugins/info/functions.php
trunk/squirrelmail/plugins/info/options.php
trunk/squirrelmail/plugins/listcommands/mailout.php
trunk/squirrelmail/plugins/listcommands/templates/default/mailout.tpl
trunk/squirrelmail/plugins/mail_fetch/fetch.php
trunk/squirrelmail/plugins/mail_fetch/functions.php
trunk/squirrelmail/plugins/mail_fetch/options.php
trunk/squirrelmail/plugins/message_details/message_details_bottom.php
trunk/squirrelmail/plugins/newmail/functions.php
trunk/squirrelmail/plugins/newmail/newmail_opt.php
trunk/squirrelmail/plugins/spamcop/options.php
trunk/squirrelmail/plugins/spamcop/spamcop.php
trunk/squirrelmail/plugins/squirrelspell/modules/check_me.mod
trunk/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod
trunk/squirrelmail/plugins/squirrelspell/modules/forget_me.mod
trunk/squirrelmail/plugins/squirrelspell/modules/lang_change.mod
trunk/squirrelmail/plugins/squirrelspell/sqspell_functions.php
trunk/squirrelmail/plugins/translate/functions.php
trunk/squirrelmail/src/addrbook_search.php
trunk/squirrelmail/src/addrbook_search_html.php
trunk/squirrelmail/src/addressbook.php
trunk/squirrelmail/src/compose.php
trunk/squirrelmail/src/configtest.php
trunk/squirrelmail/src/folders.php
trunk/squirrelmail/src/login.php
trunk/squirrelmail/src/options_highlight.php
trunk/squirrelmail/src/options_identities.php
trunk/squirrelmail/src/options_order.php
trunk/squirrelmail/src/read_body.php
trunk/squirrelmail/src/right_main.php
trunk/squirrelmail/src/search.php
trunk/squirrelmail/src/vcard.php
trunk/squirrelmail/src/view_header.php
trunk/squirrelmail/templates/default/addrbook_addedit.tpl
trunk/squirrelmail/templates/default/addressbook_search_form.tpl
trunk/squirrelmail/templates/default/input.tpl
trunk/squirrelmail/templates/default/options_order.tpl
trunk/squirrelmail/templates/default_advanced/options_order.tpl
trunk/squirrelmail/templates/util_addressbook.php
trunk/squirrelmail/templates/util_read.php
Modified: trunk/squirrelmail/class/mime/Rfc822Header.class.php
===================================================================
--- trunk/squirrelmail/class/mime/Rfc822Header.class.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/class/mime/Rfc822Header.class.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -736,7 +736,7 @@
$value = substr($value,strlen($charset)+1);
/* FIXME: What's the status of charset decode with language information \
????
* Maybe language information contains only ascii text and \
charset_decode()
- * only runs htmlspecialchars() on it. If it contains 8bit information, \
you
+ * only runs sm_encode_html_special_chars() on it. If it contains \
8bit information, you
* get html encoded text in charset used by selected translation.
*/
$value = charset_decode($charset,$value);
Modified: trunk/squirrelmail/class/template/PHP_Template.class.php
===================================================================
--- trunk/squirrelmail/class/template/PHP_Template.class.php 2012-12-09 11:58:17 UTC \
(rev 14345)
+++ trunk/squirrelmail/class/template/PHP_Template.class.php 2012-12-09 12:06:30 UTC \
(rev 14346)
@@ -65,7 +65,7 @@
* @param mixed $value the value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even \
nl2br()?)
*
*/
function assign($tpl_var, $value = NULL) {
@@ -93,7 +93,7 @@
* @param mixed $value the referenced value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even \
nl2br()?)
*
*/
function assign_by_ref($tpl_var, &$value) {
@@ -159,7 +159,7 @@
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even \
nl2br()?)
*
*/
function append($tpl_var, $value = NULL, $merge = FALSE)
@@ -220,7 +220,7 @@
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even \
nl2br()?)
*
*/
function append_by_ref($tpl_var, &$value, $merge = FALSE)
Modified: trunk/squirrelmail/class/template/Smarty_Template.class.php
===================================================================
--- trunk/squirrelmail/class/template/Smarty_Template.class.php 2012-12-09 11:58:17 \
UTC (rev 14345)
+++ trunk/squirrelmail/class/template/Smarty_Template.class.php 2012-12-09 12:06:30 \
UTC (rev 14346)
@@ -84,7 +84,7 @@
* @param mixed $value the value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even \
nl2br()?)
*
*/
function assign($tpl_var, $value = NULL) {
@@ -100,7 +100,7 @@
* @param mixed $value the referenced value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even \
nl2br()?)
*
*/
function assign_by_ref($tpl_var, &$value) {
@@ -152,7 +152,7 @@
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even \
nl2br()?)
*
*/
function append($tpl_var, $value = NULL, $merge = FALSE) {
@@ -175,7 +175,7 @@
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even \
nl2br()?)
*
*/
function append_by_ref($tpl_var, &$value, $merge = FALSE) {
Modified: trunk/squirrelmail/class/template/Template.class.php
===================================================================
--- trunk/squirrelmail/class/template/Template.class.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/class/template/Template.class.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -1480,7 +1480,7 @@
if (empty($template)) {
- trigger_error('The template "' . htmlspecialchars($file)
+ trigger_error('The template "' . sm_encode_html_special_chars($file)
. '" could not be fetched!', E_USER_ERROR);
} else {
Modified: trunk/squirrelmail/functions/addressbook.php
===================================================================
--- trunk/squirrelmail/functions/addressbook.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/addressbook.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -162,7 +162,7 @@
* display address book init errors.
*/
if ($abook_init_error!='' && $showerr) {
- error_box(nl2br(htmlspecialchars($abook_init_error)));
+ error_box(nl2br(sm_encode_html_special_chars($abook_init_error)));
}
/* Return the initialized object */
@@ -414,7 +414,7 @@
*
* Extra field can be used to add link to form, which allows
* to modify all fields supported by backend. This is the only field
- * that is not sanitized with htmlspecialchars. Backends MUST make
+ * that is not sanitized with sm_encode_html_special_chars. Backends MUST make
* sure that field data is sanitized and displayed correctly inside
* table cell. Use of html formating in other address book fields is
* not allowed. Backends that don't return 'extra' row in address book
Modified: trunk/squirrelmail/functions/attachment_common.php
===================================================================
--- trunk/squirrelmail/functions/attachment_common.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/functions/attachment_common.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -147,7 +147,7 @@
$Args[0]['attachment_common']['href'] = Where it links to */
sqgetGlobalVar('QUERY_STRING', $QUERY_STRING, SQ_SERVER);
- // if htmlspecialchars() breaks something - find other way to encode & in url.
+ // if sm_encode_html_special_chars() breaks something - find other way to encode \
& in url.
$Args[0]['attachment_common']['href'] = $base_uri . 'src/view_text.php?'. \
$QUERY_STRING; $Args[0]['attachment_common']['href'] =
set_url_var($Args[0]['attachment_common']['href'],
Modified: trunk/squirrelmail/functions/display_messages.php
===================================================================
--- trunk/squirrelmail/functions/display_messages.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/functions/display_messages.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -28,7 +28,7 @@
$link = array (
'URL' => sqm_baseuri()."src/right_main.php?sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox",
'TEXT' => sprintf (_("Click here to return to %s"),
- strtoupper($mailbox) == 'INBOX' ? _("INBOX") : \
htmlspecialchars(imap_utf7_decode_local($mailbox)))
+ \
strtoupper($mailbox) == 'INBOX' ? _("INBOX") : \
sm_encode_html_special_chars(imap_utf7_decode_local($mailbox)))
);
error_box($message, $link);
}
Modified: trunk/squirrelmail/functions/folder_manip.php
===================================================================
--- trunk/squirrelmail/functions/folder_manip.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/folder_manip.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -124,9 +124,9 @@
sqimap_logout($imapConnection);
$oTemplate->assign('dialog_type', 'rename');
- $oTemplate->assign('parent_folder', htmlspecialchars($old_parent));
- $oTemplate->assign('current_full_name', htmlspecialchars($old));
- $oTemplate->assign('current_folder_name', htmlspecialchars($old_name));
+ $oTemplate->assign('parent_folder', sm_encode_html_special_chars($old_parent));
+ $oTemplate->assign('current_full_name', sm_encode_html_special_chars($old));
+ $oTemplate->assign('current_folder_name', \
sm_encode_html_special_chars($old_name));
$oTemplate->assign('is_folder', \
$isfolder);
$oTemplate->display('folder_manip_dialog.tpl');
@@ -198,8 +198,8 @@
sqimap_logout($imapConnection);
$oTemplate->assign('dialog_type', 'delete');
- $oTemplate->assign('folder_name', htmlspecialchars($folder_name));
- $oTemplate->assign('visible_folder_name', \
htmlspecialchars($visible_folder_name));
+ $oTemplate->assign('folder_name', \
sm_encode_html_special_chars($folder_name));
+ \
$oTemplate->assign('visible_folder_name', \
sm_encode_html_special_chars($visible_folder_name));
$oTemplate->display('folder_manip_dialog.tpl');
$oTemplate->display('footer.tpl');
Modified: trunk/squirrelmail/functions/forms.php
===================================================================
--- trunk/squirrelmail/functions/forms.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/forms.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -4,7 +4,7 @@
* forms.php - html form functions
*
* Functions to build forms in a safe and consistent manner.
- * All attribute values are sanitized with htmlspecialchars().
+ * All attribute values are sanitized with sm_encode_html_special_chars().
//FIXME: I think the Template class might be better place to sanitize inside \
assign() method
*
* Currently functions don't provide simple wrappers for file and
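Review bot: The file header still states `All attribute values are sanitized with sm_encode_html_special_chars()`, but the FIXME comments in the later hunks of this file (at -65, -201, -300 and -336) say the `$aAttribs` values, names and texts "used to go thru" the encoder and are now assigned to the template unencoded. As written, the header overstates what forms.php guarantees, and a caller trusting it may pass attacker-influenced attribute values that only the templates (not visible here) can still escape. Once it is confirmed where the encoding happens, reword the header along the lines of `Attribute values are NOT encoded in these functions; the templates must encode them on output.` and keep "htmlspecialchars()" in the FIXME history sentence, since the values never went through the new wrapper.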
@@ -65,7 +65,7 @@
global $oTemplate;
$oTemplate->assign('type', $sType);
-//FIXME: all the values in the $aAttribs list used to go thru htmlspecialchars()... \
I would propose that most everything that is assigned to the template should go thru \
that *in the template class* on its way between here and the actual template file. \
Otherwise we have to do something like: foreach ($aAttribs as $key => $value) \
$aAttribs[$key] = htmlspecialchars($value);
+//FIXME: all the values in the $aAttribs \
list used to go thru sm_encode_html_special_chars()... I would propose that most \
everything that is assigned to the template should go thru that *in the template \
class* on its way between here and the actual template file. Otherwise we have to do \
something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = \
sm_encode_html_special_chars($value);
$oTemplate->assign('aAttribs', $aAttribs);
return $oTemplate->fetch('input.tpl');
@@ -187,7 +187,7 @@
if (!$bMultiple && count($aValues) == 1) {
$k = key($aValues); $v = array_pop($aValues);
return addHidden($sName, ($bUsekeys ? $k : $v), $aAttribs)
- . htmlspecialchars($v);
+ . sm_encode_html_special_chars($v);
}
if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName;
@@ -201,7 +201,7 @@
global $oTemplate;
-//FIXME: all the values in the $aAttribs list and $sName and both the keys and \
values in $aValues used to go thru htmlspecialchars()... I would propose that most \
everything that is assigned to the template should go thru that *in the template \
class* on its way between here and the actual template file. Otherwise we have to do \
something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = \
htmlspecialchars($value); $sName = htmlspecialchars($sName); $aNewValues = array(); \
foreach ($aValues as $key => $value) $aNewValues[htmlspecialchars($key)] = \
htmlspecialchars($value); $aValues = $aNewValues; And probably this too because it \
has to be matched to a value that has already been sanitized: $default = \
htmlspecialchars($default); (oops, watch out for when $default is an array! \
(multiple select lists))
+//FIXME: all the values in the $aAttribs list and $sName \
and both the keys and values in $aValues used to go thru \
sm_encode_html_special_chars()... I would propose that most everything that is \
assigned to the template should go thru that *in the template class* on its way \
between here and the actual template file. Otherwise we have to do something like: \
foreach ($aAttribs as $key => $value) $aAttribs[$key] = \
sm_encode_html_special_chars($value); $sName = sm_encode_html_special_chars($sName); \
$aNewValues = array(); foreach ($aValues as $key => $value) \
$aNewValues[sm_encode_html_special_chars($key)] = \
sm_encode_html_special_chars($value); $aValues = $aNewValues; And probably this too \
because it has to be matched to a value that has already been sanitized: $default = \
sm_encode_html_special_chars($default); (oops, watch out for when $default is an \
array! (multiple select lists))
$oTemplate->assign('aAttribs', $aAttribs);
$oTemplate->assign('aValues', $aValues);
$oTemplate->assign('bUsekeys', $bUsekeys);
@@ -300,7 +300,7 @@
global $oTemplate;
-//FIXME: all the values in the $aAttribs list as well as $sName and $sText used to \
go thru htmlspecialchars()... I would propose that most everything that is assigned \
to the template should go thru that *in the template class* on its way between here \
and the actual template file. Otherwise we have to do something like: foreach \
($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = \
htmlspecialchars($sName); $sText = htmlspecialchars($sText);
+//FIXME: all the values \
in the $aAttribs list as well as $sName and $sText used to go thru \
sm_encode_html_special_chars()... I would propose that most everything that is \
assigned to the template should go thru that *in the template class* on its way \
between here and the actual template file. Otherwise we have to do something like: \
foreach ($aAttribs as $key => $value) $aAttribs[$key] = \
sm_encode_html_special_chars($value); $sName = sm_encode_html_special_chars($sName); \
$sText = sm_encode_html_special_chars($sText);
$oTemplate->assign('aAttribs', \
$aAttribs);
$oTemplate->assign('name', $sName);
$oTemplate->assign('text', $sText);
@@ -336,7 +336,7 @@
global $oTemplate;
-//FIXME: all the values in the $aAttribs list as well as $charset used to go thru \
htmlspecialchars()... I would propose that most everything that is assigned to the \
template should go thru that *in the template class* on its way between here and the \
actual template file. Otherwise we have to do something like: foreach ($aAttribs as \
$key => $value) $aAttribs[$key] = htmlspecialchars($value); $sCharset = \
htmlspecialchars($sCharset);
+//FIXME: all the values in the $aAttribs list as well \
as $charset used to go thru sm_encode_html_special_chars()... I would propose that \
most everything that is assigned to the template should go thru that *in the template \
class* on its way between here and the actual template file. Otherwise we have to do \
something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = \
sm_encode_html_special_chars($value); $sCharset = \
sm_encode_html_special_chars($sCharset);
$oTemplate->assign('aAttribs', $aAttribs);
$oTemplate->assign('name', $sName);
$oTemplate->assign('method', $sMethod);
Modified: trunk/squirrelmail/functions/global.php
===================================================================
--- trunk/squirrelmail/functions/global.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/global.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -764,8 +764,8 @@
/**
- * Sanitize a value using htmlspecialchars() or similar, but also
- * recursively run htmlspecialchars() (or similar) on array keys
+ * Sanitize a value using sm_encode_html_special_chars() or similar, but also
+ * recursively run sm_encode_html_special_chars() (or similar) on array keys
* and values.
*
* If $value is not a string or an array with strings in it,
@@ -811,7 +811,7 @@
if ($quote_style === TRUE)
return str_replace(array('\'', '"'), array(''', '"'), $value);
else
- return htmlspecialchars($value, $quote_style);
+ return sm_encode_html_special_chars($value, $quote_style);
}
// anything else gets returned with no changes
Modified: trunk/squirrelmail/functions/imap_general.php
===================================================================
--- trunk/squirrelmail/functions/imap_general.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/imap_general.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -349,7 +349,7 @@
'sqimap_run_command or sqimap_run_command_list instead<br /><br />'.
'The following query was issued:<br />'.
//FIXME: NO HTML IN CORE!
- htmlspecialchars($query) . '<br />' . "</font><br />\n";
+ sm_encode_html_special_chars($query) . '<br />' . "</font><br />\n";
error_box($string);
$oTemplate->display('footer.tpl');
exit;
@@ -376,11 +376,11 @@
$cmd= strtolower($cmd[0]);
if ($query != '' && $cmd != 'login')
- $string .= _("Query:") . ' ' . htmlspecialchars($query) . '<br />';
+ $string .= _("Query:") . ' ' . sm_encode_html_special_chars($query) . '<br \
/>';
if ($message_title != '')
$string .= $message_title;
if ($message != '')
- $string .= htmlspecialchars($message);
+ $string .= sm_encode_html_special_chars($message);
//FIXME: NO HTML IN CORE!
$string .= "</font><br />\n";
if ($link != '')
@@ -941,7 +941,7 @@
//FIXME: UUURG... We don't want HTML in error messages, should also do html \
sanitizing of error messages elsewhere; should't assume output is destined for an \
HTML browser here if ($response != 'NO') {
/* "BAD" and anything else gets reported here. */
- $message = htmlspecialchars($message);
+ $message = sm_encode_html_special_chars($message);
set_up_language($squirrelmail_language, true);
if ($response == 'BAD') {
if ($hide == 3) return sprintf(_("Bad request: %s"), $message);
@@ -953,7 +953,7 @@
if (isset($read) && is_array($read)) {
$string .= '<br />' . _("Read data:") . "<br />\n";
foreach ($read as $line) {
- $string .= htmlspecialchars($line) . "<br />\n";
+ $string .= sm_encode_html_special_chars($line) . "<br />\n";
}
}
error_box($string);
Modified: trunk/squirrelmail/functions/imap_mailbox.php
===================================================================
--- trunk/squirrelmail/functions/imap_mailbox.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/imap_mailbox.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -432,7 +432,7 @@
*/
if (strstr($mailbox, '../') || substr($mailbox, 0, 1) == '/') {
global $oTemplate;
- error_box(sprintf(_("Invalid mailbox name: \
%s"),htmlspecialchars($mailbox)));
+ error_box(sprintf(_("Invalid mailbox \
name: %s"),sm_encode_html_special_chars($mailbox)));
sqimap_logout($imap_stream);
$oTemplate->display('footer.tpl');
die();
@@ -784,7 +784,7 @@
// i18n: Name of Drafts folder
$box2 = $pad . _("Drafts");
} else {
- $box2 = str_replace('&nbsp;&nbsp;', '. ', \
htmlspecialchars($boxes_part['formatted']));
+ $box2 = \
str_replace('&nbsp;&nbsp;', '. ', \
sm_encode_html_special_chars($boxes_part['formatted']));
}
break;
case SMPREF_MAILBOX_SELECT_INDENTED:
@@ -798,16 +798,16 @@
$pad = str_pad('',12 * \
(count(explode($delimiter,$boxes_part['unformatted-dm']))-1),' '); $box2 \
= $pad . _("Drafts"); } else {
- $box2 = str_replace('&nbsp;&nbsp;', \
' ', htmlspecialchars($boxes_part['formatted'])); + \
$box2 = str_replace('&nbsp;&nbsp;', ' ', \
sm_encode_html_special_chars($boxes_part['formatted'])); }
break;
default: /* default, long names, style = 0 */
- $box2 = str_replace(' ', ' ', \
htmlspecialchars(imap_utf7_decode_local($boxes_part['unformatted-disp']))); + \
$box2 = str_replace(' ', ' ', \
sm_encode_html_special_chars(imap_utf7_decode_local($boxes_part['unformatted-disp'])));
break;
}
}
- $a[htmlspecialchars($box)] = $box2;
+ $a[sm_encode_html_special_chars($box)] = $box2;
}
}
@@ -843,12 +843,12 @@
$str = '';
foreach ($boxes as $value=>$option) {
- $lowerbox = strtolower(htmlspecialchars($value));
+ $lowerbox = strtolower(sm_encode_html_special_chars($value));
$sel = false;
if ($show_selected != 0) {
reset($show_selected);
while (!$sel && (list($x, $val) = each($show_selected))) {
- if (strtolower($value) == strtolower(htmlspecialchars($val))) {
+ if (strtolower($value) == \
strtolower(sm_encode_html_special_chars($val))) {
$sel = true;
}
}
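Review bot: In the loop over `$boxes`, `$value` is HTML-encoded to build `$lowerbox` but is compared raw in `strtolower($value) == strtolower(sm_encode_html_special_chars($val))`, so one of the two uses is inconsistent. If the keys arrive already encoded (the hunk at -798 stores them as `$a[sm_encode_html_special_chars($box)]`, assuming that array is what reaches this loop), `$lowerbox` is double-encoded for folder names containing `&`, `<`, `>` or `"`; if they arrive raw, the selected-state comparison fails for the same names. State which form the keys carry in a comment above the loop, e.g. `// $boxes keys are already HTML-encoded by the caller`, and encode exactly once on that basis. The enclosing function starts and ends outside the hunk.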
Modified: trunk/squirrelmail/functions/imap_messages.php
===================================================================
--- trunk/squirrelmail/functions/imap_messages.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/functions/imap_messages.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -622,7 +622,7 @@
$aMsg['ID'] = $id;
$fetch = substr($read,$i_space+1,5);
if (!is_numeric($id) && $fetch !== 'FETCH') {
- $aMsg['ERROR'] = $read; // htmlspecialchars should be done just before \
display. this is backend code
+ $aMsg['ERROR'] = $read; // \
sm_encode_html_special_chars should be done just before display. this is backend code \
break;
}
$i = strpos($read,'(',$i_space+5);
Modified: trunk/squirrelmail/functions/mailbox_display.php
===================================================================
--- trunk/squirrelmail/functions/mailbox_display.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/functions/mailbox_display.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -554,11 +554,11 @@
$sMailbox = (isset($aAddr[SQM_ADDR_MAILBOX])) ? \
$aAddr[SQM_ADDR_MAILBOX] : '';
$sHost = (isset($aAddr[SQM_ADDR_HOST])) ? \
$aAddr[SQM_ADDR_HOST] : ''; if ($sPersonal) {
- $title .= htmlspecialchars($sMailbox.'@'.$sHost).', \
';
+ $title .= \
sm_encode_html_special_chars($sMailbox.'@'.$sHost).', ';
} else {
// if $value gets truncated we need to add the \
addresses with no // personal name as well
- $title_maybe .= \
htmlspecialchars($sMailbox.'@'.$sHost).', ';
+ \
$title_maybe .= sm_encode_html_special_chars($sMailbox.'@'.$sHost).', ';
}
}
if ($title) {
Modified: trunk/squirrelmail/functions/mime.php
===================================================================
--- trunk/squirrelmail/functions/mime.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/mime.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -63,7 +63,7 @@
displayPageHeader( $color, $mailbox );
$errormessage = _("SquirrelMail could not decode the bodystructure of the \
message");
$errormessage .= '<br />'._("The bodystructure provided by your IMAP \
server:").'<br /><br />';
- $errormessage .= '<pre>' . htmlspecialchars($read) . '</pre>';
+ $errormessage .= '<pre>' . sm_encode_html_special_chars($read) . '</pre>';
plain_error_message( $errormessage );
echo '</body></html>';
exit;
@@ -632,7 +632,7 @@
$this_attachment['DownloadHREF'] = $links['download link']['href'];
$this_attachment['ViewHREF'] = isset($links['attachment_common']) ? \
$links['attachment_common']['href'] : ''; $this_attachment['Size'] = $header->size;
- $this_attachment['ContentType'] = htmlspecialchars($type0 .'/'. $type1);
+ $this_attachment['ContentType'] = sm_encode_html_special_chars($type0 .'/'. \
$type1);
$this_attachment['OtherLinks'] = array();
foreach ($links as $val) {
if ($val['text']==_("Download") || $val['text'] == _("View"))
@@ -831,7 +831,7 @@
$iLastMatch = $i;
$j = $i;
if ($htmlsafe) {
- $ret .= htmlspecialchars($res[1]);
+ $ret .= sm_encode_html_special_chars($res[1]);
} else {
$ret .= $res[1];
}
@@ -860,7 +860,7 @@
}
} else {
if ($htmlsafe) {
- $replace = htmlspecialchars($replace);
+ $replace = sm_encode_html_special_chars($replace);
}
$ret.= $replace;
}
@@ -881,7 +881,7 @@
}
} else {
if ($htmlsafe) {
- $replace = htmlspecialchars($replace);
+ $replace = sm_encode_html_special_chars($replace);
}
}
$ret .= $replace;
@@ -901,7 +901,7 @@
}
if (!$encoded && $htmlsafe) {
- $ret .= htmlspecialchars($chunk);
+ $ret .= sm_encode_html_special_chars($chunk);
} else {
$ret .= $chunk;
}
Modified: trunk/squirrelmail/functions/options.php
===================================================================
--- trunk/squirrelmail/functions/options.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/options.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -475,9 +475,9 @@
//TODO: might be better to have a separate template file for all widgets, because \
then the layout of the widget and the "trailing text" can be customized - they are \
still hard coded here if ($password)
- return addPwField('new_' . $this->name, $this->value, $width, 0, \
$this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text); + \
return addPwField('new_' . $this->name, $this->value, $width, 0, \
$this->aExtraAttribs) . ' ' . sm_encode_html_special_chars($this->trailing_text); \
else
- return addInput('new_' . $this->name, $this->value, $width, 0, \
$this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text); + \
return addInput('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) \
. ' ' . sm_encode_html_special_chars($this->trailing_text); }
/**
@@ -547,7 +547,7 @@
$height = 5;
}
- return addSelect('new_' . $this->name, $this->possible_values, $this->value, \
TRUE, $this->aExtraAttribs, $multiple_select, $height, !$this->htmlencoded) . \
htmlspecialchars($this->trailing_text);
+ return addSelect('new_' . \
$this->name, $this->possible_values, $this->value, TRUE, $this->aExtraAttribs, \
$multiple_select, $height, !$this->htmlencoded) . \
sm_encode_html_special_chars($this->trailing_text);
}
@@ -605,7 +605,7 @@
$option_list = array('ignore' => _("unavailable"));
- return addSelect('new_' . $this->name, $option_list, $this->value, TRUE, \
$this->aExtraAttribs, $multiple_select, $height) . \
htmlspecialchars($this->trailing_text);
+ return addSelect('new_' . \
$this->name, $option_list, $this->value, TRUE, $this->aExtraAttribs, \
$multiple_select, $height) . sm_encode_html_special_chars($this->trailing_text);
}
@@ -792,7 +792,7 @@
*/
function createWidget_Submit() {
- return addSubmit($this->comment, $this->name, $this->aExtraAttribs) . \
htmlspecialchars($this->trailing_text);
+ return addSubmit($this->comment, \
$this->name, $this->aExtraAttribs) . \
sm_encode_html_special_chars($this->trailing_text);
}
Modified: trunk/squirrelmail/functions/page_header.php
===================================================================
--- trunk/squirrelmail/functions/page_header.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/page_header.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -284,7 +284,7 @@
* this explains the imap_mailbox.php dependency. We should instead store
* the selected mailbox in the session and fallback to the session var.
*/
- $shortBoxName = htmlspecialchars(imap_utf7_decode_local(
+ $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local(
readShortMailboxName($mailbox, $delimiter)));
if (getPref($data_dir, $username, 'translate_special_folders')) {
global $sent_folder, $trash_folder, $draft_folder;
Modified: trunk/squirrelmail/functions/strings.php
===================================================================
--- trunk/squirrelmail/functions/strings.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/strings.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -1674,3 +1674,38 @@
}
+/**
+ * Wrapper for PHP's htmlspecialchars() that
+ * attempts to add the correct character encoding
+ *
+ * @param string $string The string to be converted
+ * @param int $flags A bitmask that controls the behavior of htmlspecialchars()
+ * (See http://php.net/manual/function.htmlspecialchars.php )
+ * (OPTIONAL; default ENT_COMPAT)
+ * @param string $encoding The character encoding to use in the conversion
+ * (OPTIONAL; default automatic detection)
+ * @param boolean $double_encode Whether or not to convert entities that are
+ * already in the string (only supported in
+ * PHP 5.2.3+) (OPTIONAL; default TRUE)
+ *
+ * @return string The converted text
+ *
+ */
+function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
+ $encoding=NULL, $double_encode=TRUE)
+{
+ if (!$encoding)
+ {
+ global $default_charset;
+ if ($default_charset == 'iso-2022-jp')
+ $default_charset = 'EUC-JP';
+ $encoding = $default_charset;
+ }
+
+// TODO: Is adding this check an unnecessary performance hit?
+ if (check_php_version(5, 2, 3))
+ return htmlspecialchars($string, $flags, $encoding, $double_encode);
+
+ return htmlspecialchars($string, $flags, $encoding);
+}
+
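Review bot: The `iso-2022-jp` branch writes to the global rather than to a local: after `global $default_charset;`, the line `$default_charset = 'EUC-JP';` changes the charset for everything that runs later in the request, not only for this conversion. Keep the substitution local, `$encoding = ($default_charset == 'iso-2022-jp') ? 'EUC-JP' : $default_charset;`. The docblock should also say that an empty `$encoding` falls back to `$default_charset`; "default automatic detection" and the log message's ISO-8859-1 both describe something the code does not do. The default `ENT_COMPAT` leaves single quotes unencoded, which is worth stating in the `$flags` description so that callers writing into single-quoted attributes pass `ENT_QUOTES`.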
Modified: trunk/squirrelmail/include/init.php
===================================================================
--- trunk/squirrelmail/include/init.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/include/init.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -274,20 +274,20 @@
* or
* contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
* because it doesn't bother with broken tags.
- * htmlspecialchars() is the preferred method.
+ * sm_encode_html_special_chars() is the preferred method.
* QUERY_STRING also needs the same treatment since it is
* used in php_self().
* Update again: the encoding of ampersands that occurs
- * using htmlspecialchars() corrupts the query strings
+ * using sm_encode_html_special_chars() corrupts the query strings
* in normal URIs, so we have to let those through.
FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
*/
if (isset($_SERVER['REQUEST_URI']))
- $_SERVER['REQUEST_URI'] = str_replace('&', '&', \
htmlspecialchars($_SERVER['REQUEST_URI']));
+ $_SERVER['REQUEST_URI'] = \
str_replace('&', '&', sm_encode_html_special_chars($_SERVER['REQUEST_URI']));
if \
(isset($_SERVER['PHP_SELF']))
- $_SERVER['PHP_SELF'] = str_replace('&', '&', \
htmlspecialchars($_SERVER['PHP_SELF']));
+ $_SERVER['PHP_SELF'] = \
str_replace('&', '&', sm_encode_html_special_chars($_SERVER['PHP_SELF']));
if \
(isset($_SERVER['QUERY_STRING']))
- $_SERVER['QUERY_STRING'] = str_replace('&', '&', \
htmlspecialchars($_SERVER['QUERY_STRING']));
+ $_SERVER['QUERY_STRING'] = \
str_replace('&', '&', sm_encode_html_special_chars($_SERVER['QUERY_STRING']));
$PHP_SELF = php_self();
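Review bot: The three calls here take the wrapper's default `ENT_COMPAT`, so a single quote in `REQUEST_URI`, `PHP_SELF` or `QUERY_STRING` passes through unencoded, and the following `str_replace()` restores ampersands as well. These values are therefore only safe in element text or double-quoted attributes, and the FIXME above already asks whether the ampersand step is safe. Passing `ENT_QUOTES`, e.g. `sm_encode_html_special_chars($_SERVER['PHP_SELF'], ENT_QUOTES)`, closes the quote gap; encoding again at each output site would be the more robust fix but lies outside this hunk. The wrapper also reads `$default_charset` and calls `check_php_version()`, so both need to be loaded before this point in init.php, which the hunk does not show.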
Modified: trunk/squirrelmail/include/languages.php
===================================================================
--- trunk/squirrelmail/include/languages.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/include/languages.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -193,7 +193,7 @@
* @param string $string Text to be decoded
* @param boolean $force_decode converts string to html without \
$charset!=$default_charset check.
* Argument is available since 1.4.5 and 1.5.1.
- * @param boolean $save_html disables htmlspecialchars() in order to preserve
+ * @param boolean $save_html disables sm_encode_html_special_chars() in order to \
preserve
* html formating. Use with care. Available since 1.4.6 and 1.5.1
* @return string decoded string
*/
@@ -218,7 +218,7 @@
// Don't do conversion if charset is the same.
if ( ! $force_decode && $charset == strtolower($default_charset) )
- return ($save_html ? $string : htmlspecialchars($string));
+ return ($save_html ? $string : sm_encode_html_special_chars($string));
// catch iso-8859-8-i thing
if ( $charset == "iso-8859-8-i" )
@@ -234,10 +234,10 @@
// other charsets can be converted to utf-8 without loss.
// and output string is smaller
$string = recode_string($charset . "..utf-8",$string);
- return ($save_html ? $string : htmlspecialchars($string));
+ return ($save_html ? $string : sm_encode_html_special_chars($string));
} else {
$string = recode_string($charset . "..html",$string);
- // recode does not convert single quote, htmlspecialchars does.
+ // recode does not convert single quote, sm_encode_html_special_chars \
does. $string = str_replace("'", ''', $string);
// undo html specialchars
if ($save_html)
@@ -250,13 +250,13 @@
// iconv functions does not have html target and can be used only with utf-8
if ( $use_php_iconv && $default_charset=='utf-8') {
$string = iconv($charset,$default_charset,$string);
- return ($save_html ? $string : htmlspecialchars($string));
+ return ($save_html ? $string : sm_encode_html_special_chars($string));
}
// If we don't use recode and iconv, we'll do it old way.
/* All HTML special characters are 7 bit and can be replaced first */
- if (! $save_html) $string = htmlspecialchars ($string);
+ if (! $save_html) $string = sm_encode_html_special_chars ($string);
/* controls cpu and memory intensive decoding cycles */
if (! isset($aggressive_decoding) || $aggressive_decoding=="" ) {
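Review bot: In the fallback path, `if (! $save_html) $string = sm_encode_html_special_chars ($string);` is reached only when the recode and iconv branches did not convert, so `$string` is still in `$charset`, while the wrapper added in functions/strings.php encodes with `$default_charset` when no encoding is passed. htmlspecialchars() returns an empty string when the input contains a byte sequence that is invalid in the given encoding, so with a multibyte default such as utf-8 the text could be blanked instead of escaped. Since the comment above says the special characters are all 7-bit, pass a single-byte encoding explicitly here, e.g. `sm_encode_html_special_chars($string, ENT_COMPAT, 'ISO-8859-1')`. The enclosing function starts and ends outside the hunk.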
@@ -279,7 +279,7 @@
* @since 1.4.4 and 1.5.1
* @param string $string
* @param string $charset
- * @param boolean $htmlencode keep htmlspecialchars encoding
+ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding
* @return string
*/
function charset_encode($string,$charset,$htmlencode=true) {
@@ -323,7 +323,7 @@
* @param string $in_charset initial charset
* @param string $string string that has to be converted
* @param string $out_charset final charset
- * @param boolean $htmlencode keep htmlspecialchars encoding
+ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding
* @return string converted string
*/
function charset_convert($in_charset,$string,$out_charset,$htmlencode=true) {
Modified: trunk/squirrelmail/include/options/display.php
===================================================================
--- trunk/squirrelmail/include/options/display.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/include/options/display.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -82,14 +82,14 @@
$template_themes = $oTemplate->get_alternative_stylesheets(true);
asort($template_themes);
foreach ($template_themes as $sheet=>$name) {
- $theme_values[$sheet] = 'Template Theme - '.htmlspecialchars($name);
+ $theme_values[$sheet] = 'Template Theme - \
'.sm_encode_html_special_chars($name);
}
// Next, list user-provided styles
asort($user_themes);
foreach ($user_themes as $style) {
if ($style['PATH'] == 'none')
continue;
- $theme_values[$style['PATH']] = 'User Theme - \
'.htmlspecialchars($style['NAME']);
+ $theme_values[$style['PATH']] = 'User \
Theme - '.sm_encode_html_special_chars($style['NAME']);
}
if (count($user_themes) + count($template_themes) > 1) {
Modified: trunk/squirrelmail/include/options/personal.php
===================================================================
--- trunk/squirrelmail/include/options/personal.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/include/options/personal.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -104,7 +104,7 @@
'caption' => _("E-mail Address"),
'type' => SMOPT_TYPE_COMMENT,
'refresh' => SMOPT_REFRESH_NONE,
- 'comment' => htmlspecialchars($email_address)
+ 'comment' => sm_encode_html_special_chars($email_address)
);
}
Modified: trunk/squirrelmail/plugins/administrator/options.php
===================================================================
--- trunk/squirrelmail/plugins/administrator/options.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/administrator/options.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -422,7 +422,7 @@
}
echo "<tr><td valign=\"top\">$name</td><td>"
."<textarea cols=\"$size\" rows=\"4\" name=\"adm_$n\">"
- .htmlspecialchars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
+ .sm_encode_html_special_chars(stripslashes(substr( $v, 1, strlen( $v \
) - 2 )))
."</textarea>";
if ( isset( $defcfg[$k]['comment'] ) ) {
echo ' ' . $defcfg[$k]['comment'];
@@ -440,7 +440,7 @@
}
echo "<tr><td>$name</td><td>"
."<input size=\"$size\" name=\"adm_$n\" value=\""
- .htmlspecialchars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
+ .sm_encode_html_special_chars(stripslashes(substr( $v, 1, strlen( $v \
) - 2 )))
.'" />';
if ( isset( $defcfg[$k]['comment'] ) ) {
echo ' ' . $defcfg[$k]['comment'];
Modified: trunk/squirrelmail/plugins/calendar/calendar.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/calendar.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/calendar/calendar.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -114,11 +114,11 @@
$calbar = $calendardata[$cdate][$calfoo['key']];
// FIXME: how to display multiline task
$title = '['. $calfoo['key']. '] ' .
- str_replace(array("\r","\n"),array(' ',' \
'),htmlspecialchars($calbar['message'])); + \
str_replace(array("\r","\n"),array(' ',' \
'),sm_encode_html_special_chars($calbar['message'])); // FIXME: link to nowhere
echo "<a href=\"#\" style=\"text-decoration:none; color: "
.($calbar['priority']==1 ? $color[1] : $color[6])
- ."\" \
title=\"$title\">".htmlspecialchars($calbar['title'])."</a><br />\n"; + \
."\" title=\"$title\">".sm_encode_html_special_chars($calbar['title'])."</a><br \
/>\n"; $i=$i+1;
if($i==2){
break;
Modified: trunk/squirrelmail/plugins/calendar/calendar_data.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/calendar_data.php 2012-12-09 11:58:17 UTC \
(rev 14345)
+++ trunk/squirrelmail/plugins/calendar/calendar_data.php 2012-12-09 12:06:30 UTC \
(rev 14346)
@@ -23,7 +23,7 @@
* Plugin stores multiline texts converted to single line with PHP nl2br().
* Function undoes nl2br() conversion and html encoding of ASCII vertical bar.
*
- * Older plugin versions sanitized data with htmlspecialchars. Since 1.5.1 calendar
+ * Older plugin versions sanitized data with sm_encode_html_special_chars. Since \
1.5.1 calendar
* data is not sanitized. Output functions must make sure that data is correctly
* encoded and sanitized.
* @param string $string calendar string
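Review bot: The rename changed a historical statement in this docblock: "Older plugin versions sanitized data with sm_encode_html_special_chars" cannot be right, because that function is introduced by this commit. Keep the old wording, `Older plugin versions sanitized data with htmlspecialchars.`, so the sentence still describes what the stored data may contain. The docblock continues outside the hunk.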
Modified: trunk/squirrelmail/plugins/calendar/day.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/day.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/calendar/day.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -127,9 +127,9 @@
html_tag( 'td', \
date_intl(_("H:i"),mktime($ehour,$eminute,0,1,1,0)) . $elength, 'left' ) . html_tag( \
'td', '', 'left' ) . '['; echo ($calbar['priority']==1) ?
- "<font \
color=\"$color[1]\">".htmlspecialchars($calbar['title']).'</font>' :
- htmlspecialchars($calbar['title']);
- echo'] <div \
style="margin-left:10px">'.nl2br(htmlspecialchars($calbar['message'])).'</div>' . + \
"<font color=\"$color[1]\">".sm_encode_html_special_chars($calbar['title']).'</font>' \
: + sm_encode_html_special_chars($calbar['title']);
+ echo'] <div \
style="margin-left:10px">'.nl2br(sm_encode_html_special_chars($calbar['message'])).'</div>' \
. html_tag( 'td',
"<font size=\"-1\"><nobr>\n" .
"<a \
href=\"event_edit.php?year=$year&month=$month&day=$day&hour=".
Modified: trunk/squirrelmail/plugins/calendar/event_create.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/event_create.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/calendar/event_create.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -159,11 +159,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', htmlspecialchars($event_title,ENT_NOQUOTES), \
'left', $color[4] ) . "\n" + html_tag( 'td', \
sm_encode_html_special_chars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n" \
) . html_tag( 'tr',
html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', \
nl2br(htmlspecialchars($event_text,ENT_NOQUOTES)), 'left', $color[4] ) . "\n" + \
html_tag( 'td', nl2br(sm_encode_html_special_chars($event_text,ENT_NOQUOTES)), \
'left', $color[4] ) . "\n" ) .
html_tag( 'tr',
html_tag( 'td',
Modified: trunk/squirrelmail/plugins/calendar/event_delete.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/event_delete.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/calendar/event_delete.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -74,11 +74,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:"), 'right', $color[4] ) .
- html_tag( 'td', htmlspecialchars($tmparray['title']), 'left', \
$color[4] ) + html_tag( 'td', \
sm_encode_html_special_chars($tmparray['title']), 'left', $color[4] ) ) .
html_tag( 'tr',
html_tag( 'td', _("Message:"), 'right', $color[4] ) .
- html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])), \
'left', $color[4] ) + html_tag( 'td', \
nl2br(sm_encode_html_special_chars($tmparray['message'])), 'left', $color[4] ) ) .
html_tag( 'tr',
html_tag( 'td',
Modified: trunk/squirrelmail/plugins/calendar/event_edit.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/event_edit.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/calendar/event_edit.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -176,11 +176,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', htmlspecialchars($tmparray['title']) , 'left', \
$color[4] ) ."\n" + html_tag( 'td', \
sm_encode_html_special_chars($tmparray['title']) , 'left', $color[4] ) ."\n" ) .
html_tag( 'tr',
html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])) , \
'left', $color[4] ) ."\n" + html_tag( 'td', \
nl2br(sm_encode_html_special_chars($tmparray['message'])) , 'left', $color[4] ) ."\n" \
) . html_tag( 'tr',
html_tag( 'th', _("to:") . "<br />\n", '', $color[4], \
'colspan="2"' ) ."\n"
@@ -200,11 +200,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', htmlspecialchars($event_title) , 'left', \
$color[4] ) ."\n" + html_tag( 'td', \
sm_encode_html_special_chars($event_title) , 'left', $color[4] ) ."\n" ) .
html_tag( 'tr',
html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', nl2br(htmlspecialchars($event_text)) , 'left', \
$color[4] ) ."\n" + html_tag( 'td', \
nl2br(sm_encode_html_special_chars($event_text)) , 'left', $color[4] ) ."\n" ) .
html_tag( 'tr',
html_tag( 'td',
Modified: trunk/squirrelmail/plugins/change_password/backend/ldap.php
===================================================================
--- trunk/squirrelmail/plugins/change_password/backend/ldap.php 2012-12-09 11:58:17 \
UTC (rev 14345)
+++ trunk/squirrelmail/plugins/change_password/backend/ldap.php 2012-12-09 12:06:30 \
UTC (rev 14346)
@@ -646,7 +646,7 @@
break;
default:
array_push($msgs,sprintf(_("Unsupported crypto: %s"),
- (is_string($ldap_crypto) ? \
htmlspecialchars($ldap_crypto) : _("unknown")))); + \
(is_string($ldap_crypto) ? sm_encode_html_special_chars($ldap_crypto) : \
_("unknown")))); }
return $ret;
}
Modified: trunk/squirrelmail/plugins/change_password/backend/peardb.php
===================================================================
--- trunk/squirrelmail/plugins/change_password/backend/peardb.php 2012-12-09 11:58:17 \
UTC (rev 14345)
+++ trunk/squirrelmail/plugins/change_password/backend/peardb.php 2012-12-09 12:06:30 \
UTC (rev 14346)
@@ -152,16 +152,16 @@
// connect to database and make sure that table exists
$cpw_db = DB::connect($cpw_peardb_dsn, $cpw_peardb_connect_opts);
if (PEAR::isError($cpw_db)) {
- array_push($msgs,sprintf(_("Connection error: \
%s"),htmlspecialchars($cpw_db->getMessage()))); + \
array_push($msgs,sprintf(_("Connection error: \
%s"),sm_encode_html_special_chars($cpw_db->getMessage()))); if ($cpw_peardb_debug)
- array_push($msgs,htmlspecialchars($cpw_db->getuserinfo()));
+ array_push($msgs,sm_encode_html_special_chars($cpw_db->getuserinfo()));
return $msgs;
}
// get table information
$table_info = $cpw_db->tableinfo($cpw_peardb_table);
if (PEAR::isError($table_info)) {
- array_push($msgs,sprintf(_("Invalid table name: \
%s"),htmlspecialchars($cpw_peardb_table))); + \
array_push($msgs,sprintf(_("Invalid table name: \
%s"),sm_encode_html_special_chars($cpw_peardb_table))); $cpw_db->disconnect();
return $msgs;
}
@@ -210,7 +210,7 @@
'');
$cpw_res=$cpw_db->query($query);
if (PEAR::isError($cpw_res)) {
- array_push($msgs,sprintf(_("Query failed: \
%s"),htmlspecialchars($cpw_res->getMessage()))); + \
array_push($msgs,sprintf(_("Query failed: \
%s"),sm_encode_html_special_chars($cpw_res->getMessage()))); $cpw_db->disconnect();
return $msgs;
}
@@ -284,7 +284,7 @@
// check for update error
if (PEAR::isError($cpw_res)) {
- array_push($msgs,sprintf(_("Unable to set new password: \
%s"),htmlspecialchars($cpw_res->getMessage()))); + \
array_push($msgs,sprintf(_("Unable to set new password: \
%s"),sm_encode_html_special_chars($cpw_res->getMessage()))); }
// close database connection
@@ -427,7 +427,7 @@
$ret = $password;
break;
default:
- array_push($msgs,sprintf(_("Unsupported crypto: \
%s"),htmlspecialchars($crypto))); + array_push($msgs,sprintf(_("Unsupported \
crypto: %s"),sm_encode_html_special_chars($crypto))); }
return $ret;
}
Modified: trunk/squirrelmail/plugins/change_password/options.php
===================================================================
--- trunk/squirrelmail/plugins/change_password/options.php 2012-12-09 11:58:17 UTC \
(rev 14345)
+++ trunk/squirrelmail/plugins/change_password/options.php 2012-12-09 12:06:30 UTC \
(rev 14346)
@@ -81,7 +81,7 @@
if (isset($Messages) && count($Messages) > 0) {
echo "<tr><td>\n";
foreach ($Messages as $line) {
- echo htmlspecialchars($line) . "<br />\n";
+ echo sm_encode_html_special_chars($line) . "<br />\n";
}
echo "</td></tr>\n";
}
Modified: trunk/squirrelmail/plugins/filters/options.php
===================================================================
--- trunk/squirrelmail/plugins/filters/options.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/filters/options.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -180,7 +180,7 @@
html_tag( 'td', '', 'left' ) .
'<input type="text" size="32" name="filter_what" value="';
if (isset($filters[$theid]['what'])) {
- echo htmlspecialchars($filters[$theid]['what']);
+ echo sm_encode_html_special_chars($filters[$theid]['what']);
}
echo '" />'.
'</td>'.
@@ -243,7 +243,7 @@
printf( _("If %s contains %s then move to %s"),
'<b>'.$filters[$i]['where'].'</b>',
'<b>'.$filters[$i]['what'].'</b>',
- '<b>'.htmlspecialchars(imap_utf7_decode_local($fdr)).'</b>');
+ '<b>'.sm_encode_html_special_chars(imap_utf7_decode_local($fdr)).'</b>');
echo '</td></tr>';
}
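Review bot: `$filters[$i]['what']` is printed inside the bold tag without encoding on the context line just above the changed one, although the same field is encoded when it is written into the `filter_what` input in the previous hunk. Unless the value is already encoded when the filter is saved (not visible here), the list view should encode it too: `'<b>'.sm_encode_html_special_chars($filters[$i]['what']).'</b>',`. `$filters[$i]['where']` deserves the same treatment if it is not restricted to a fixed set of header names.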
Modified: trunk/squirrelmail/plugins/filters/spamoptions.php
===================================================================
--- trunk/squirrelmail/plugins/filters/spamoptions.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/filters/spamoptions.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -175,7 +175,7 @@
echo html_tag( 'p', '', 'center' ) .
'[<a href="spamoptions.php?action=spam">' . _("Edit") . '</a>]' .
' - [<a href="../../src/options.php">' . _("Done") . '</a>]</div><br /><br \
/>';
- printf( _("Spam is sent to %s."), \
($filters_spam_folder?'<b>'.htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not \
set yet").'</i>]' ) ); + printf( _("Spam is sent to %s."), \
($filters_spam_folder?'<b>'.sm_encode_html_special_chars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not \
set yet").'</i>]' ) ); echo '<br />';
printf( _("Spam scan is limited to %s."), '<b>' . ( ($filters_spam_scan == \
'new')?_("Unread messages only"):_("All messages") ) . '</b>' ); echo '</p>'.
Modified: trunk/squirrelmail/plugins/fortune/functions.php
===================================================================
--- trunk/squirrelmail/plugins/fortune/functions.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/fortune/functions.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -50,7 +50,7 @@
}
$oTemplate->assign('color', $color);
- $oTemplate->assign('fortune', htmlspecialchars($fortune));
+ $oTemplate->assign('fortune', sm_encode_html_special_chars($fortune));
$output = $oTemplate->fetch('plugins/fortune/mailbox_index_before.tpl');
return array('mailbox_index_before' => $output);
Modified: trunk/squirrelmail/plugins/info/functions.php
===================================================================
--- trunk/squirrelmail/plugins/info/functions.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/info/functions.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -37,7 +37,7 @@
* @access private
*/
function imap_test($imap_stream, $string) {
- print "<tr><td>".htmlspecialchars($string)."</td></tr>";
+ print "<tr><td>".sm_encode_html_special_chars($string)."</td></tr>";
$response = sqimap_run_command_list($imap_stream, trim($string),false, \
$responses, $message,false); array_push($response, $responses . ' ' .$message);
return $response;
@@ -55,7 +55,7 @@
print_response($value);
}
else {
- print htmlspecialchars($value)."<br />\n";
+ print sm_encode_html_special_chars($value)."<br />\n";
}
}
}
Modified: trunk/squirrelmail/plugins/info/options.php
===================================================================
--- trunk/squirrelmail/plugins/info/options.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/info/options.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -75,7 +75,7 @@
"</b><br />\n";
foreach($caps_array[0] as $value) {
- echo htmlspecialchars($value);
+ echo sm_encode_html_special_chars($value);
}
echo "</td></tr><tr><td>\n";
@@ -92,8 +92,8 @@
}
}
else {
- echo 'folder_prefix = ' . htmlspecialchars($folder_prefix)."<br />\n" .
- 'default_charset = '.htmlspecialchars($default_charset)."\n";
+ echo 'folder_prefix = ' . sm_encode_html_special_chars($folder_prefix)."<br \
/>\n" . + 'default_charset = \
'.sm_encode_html_special_chars($default_charset)."\n"; }
echo "<br /></td></tr></table><br />\n";
Modified: trunk/squirrelmail/plugins/listcommands/mailout.php
===================================================================
--- trunk/squirrelmail/plugins/listcommands/mailout.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/listcommands/mailout.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -40,13 +40,13 @@
$out_string = _("This will send a message to %s requesting that you will be \
unsubscribed from this list. It will try to unsubscribe the adress below."); break;
default:
- error_box(sprintf(_("Unknown action: %s"),htmlspecialchars($action)));
+ error_box(sprintf(_("Unknown action: \
%s"),sm_encode_html_special_chars($action))); // display footer (closes html tags) \
and stop script execution $oTemplate->display('footer.tpl');
exit;
}
-$out_string = sprintf($out_string, '"' . htmlspecialchars($send_to) . \
'"'); +$out_string = sprintf($out_string, '"' . \
sm_encode_html_special_chars($send_to) . '"'); $idents = get_identities();
$fieldsdescr = listcommands_fieldsdescr();
$fielddescr = $fieldsdescr[$action];
Modified: trunk/squirrelmail/plugins/listcommands/templates/default/mailout.tpl
===================================================================
--- trunk/squirrelmail/plugins/listcommands/templates/default/mailout.tpl 2012-12-09 \
11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/listcommands/templates/default/mailout.tpl 2012-12-09 \
12:06:30 UTC (rev 14346)
@@ -42,7 +42,7 @@
foreach($idents as $nr=>$data) {
echo '<option value="' . $nr . '">' .
- htmlspecialchars(
+ sm_encode_html_special_chars(
$data['full_name'].' <'.
$data['email_address'] . '>') .
"</option>\n";
@@ -53,14 +53,14 @@
} else {
echo _("From:");
- echo htmlspecialchars($idents[0]['full_name'].' \
<'.$idents[0]['email_address'].'>'); + echo \
sm_encode_html_special_chars($idents[0]['full_name'].' \
<'.$idents[0]['email_address'].'>'); }
?>
<br /><br />
-<input type="hidden" name="send_to" value="<?php echo htmlspecialchars($send_to); \
?>" />
-<input type="hidden" name="subject" value="<?php echo htmlspecialchars($subject); \
?>" />
-<input type="hidden" name="body" value="<?php echo htmlspecialchars($body); ?>" />
-<input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox); \
?>" /> +<input type="hidden" name="send_to" value="<?php echo \
sm_encode_html_special_chars($send_to); ?>" /> +<input type="hidden" name="subject" \
value="<?php echo sm_encode_html_special_chars($subject); ?>" /> +<input \
type="hidden" name="body" value="<?php echo sm_encode_html_special_chars($body); ?>" \
/> +<input type="hidden" name="mailbox" value="<?php echo \
sm_encode_html_special_chars($mailbox); ?>" /> <input type="submit" name="send1" \
value="<?php echo _("Send Mail"); ?>" /> <br />
</form>
Modified: trunk/squirrelmail/plugins/mail_fetch/fetch.php
===================================================================
--- trunk/squirrelmail/plugins/mail_fetch/fetch.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/mail_fetch/fetch.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -35,7 +35,7 @@
function Mail_Fetch_Status($msg) {
echo html_tag( 'table',
html_tag( 'tr',
- html_tag( 'td', htmlspecialchars( $msg ) , 'left' )
+ html_tag( 'td', sm_encode_html_special_chars( $msg ) , 'left' )
),
'', '', 'width="90%"' );
flush();
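Review bot: `Mail_Fetch_Status()` encodes `$msg` itself, and the callers changed in the later hunks of this file encode `$pop3->error` and `$message` again before passing them in, so those strings are encoded twice and a `&` or `<` in a server error is displayed as a literal entity. Encoding in one place is enough; since this function is the output point, the callers can pass the raw text, e.g. `Mail_Fetch_Status(_("Login Failed:") . ' ' . $pop3->error);`. The function body continues outside the hunk.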
@@ -97,7 +97,7 @@
'<option value="all" selected="selected">..' . _("All") . "...\n";
for ($i = 0;$i < $mailfetch['server_number'];$i++) {
echo "<option value=\"$i\">" .
- htmlspecialchars($mailfetch[$i]['alias']) .
+ sm_encode_html_special_chars($mailfetch[$i]['alias']) .
'</option>' . "\n";
}
echo '</select>' .
@@ -109,7 +109,7 @@
if ($mailfetch[$i]['pass'] == '') {
echo html_tag( 'tr',
html_tag( 'td', _("Password for") . ' <b>' .
- htmlspecialchars($mailfetch[$i]['alias']) .
+ sm_encode_html_special_chars($mailfetch[$i]['alias']) .
'</b>: ',
'right' ) .
html_tag( 'td', '<input type="password" name="pass_' . $i . '" \
/>', 'left' ) @@ -177,7 +177,7 @@
html_tag( 'tr',
html_tag( 'td', '<b>' .
sprintf(_("Fetching from %s"),
- htmlspecialchars($mailfetch[$i_loop]['alias'])) .
+ sm_encode_html_special_chars($mailfetch[$i_loop]['alias'])) \
. '</b>',
'center' ) ,
'', $color[9] ) ,
@@ -209,13 +209,13 @@
/* log into pop server*/
if (! $pop3->login($mailfetch_user, $mailfetch_pass)) {
- Mail_Fetch_Status(_("Login Failed:") . ' ' . \
htmlspecialchars($pop3->error)); + Mail_Fetch_Status(_("Login Failed:") . ' ' \
. sm_encode_html_special_chars($pop3->error)); continue;
}
$aMsgStat = $pop3->command_stat();
if (is_bool($aMsgStat)) {
- Mail_Fetch_Status(_("Can't get mailbox status:") . ' ' . \
htmlspecialchars($pop3->error) ); + Mail_Fetch_Status(_("Can't get mailbox \
status:") . ' ' . sm_encode_html_special_chars($pop3->error) ); continue;
}
@@ -229,7 +229,7 @@
Mail_Fetch_Status(_("Fetching UIDL..."));
$msglist = $pop3->command_uidl();
if (is_bool($msglist)) {
- Mail_Fetch_Status(_("Server does not support UIDL.") . ' \
'.htmlspecialchars($pop3->error)); + Mail_Fetch_Status(_("Server does \
not support UIDL.") . ' \
'.sm_encode_html_special_chars($pop3->error));
// User asked to leave messages on server, but we can't do that.
$pop3->command_quit();
continue;
@@ -284,7 +284,7 @@
$Message = $pop3->command_retr($i);
if (is_bool($Message)) {
- Mail_Fetch_Status(htmlspecialchars($pop3->error));
+ Mail_Fetch_Status(sm_encode_html_special_chars($pop3->error));
continue;
}
@@ -297,7 +297,7 @@
$response=(implode('',$response));
$message=(implode('',$message));
if ($response != 'OK') {
- Mail_Fetch_Status(_("Error Appending Message!")." \
".htmlspecialchars($message) ); + Mail_Fetch_Status(_("Error Appending \
Message!")." ".sm_encode_html_special_chars($message) ); \
Mail_Fetch_Status(_("Closing POP")); $pop3->command_quit();
Mail_Fetch_Status(_("Logging out from IMAP"));
@@ -316,7 +316,7 @@
if( $pop3->command_dele($i) ) {
Mail_Fetch_Status(sprintf(_("Message %d deleted from remote \
server!"), $i)); } else {
- Mail_Fetch_Status(_("Delete failed:") . \
htmlspecialchars($pop3->error) ); + Mail_Fetch_Status(_("Delete \
failed:") . sm_encode_html_special_chars($pop3->error) ); }
}
} else {
Modified: trunk/squirrelmail/plugins/mail_fetch/functions.php
===================================================================
--- trunk/squirrelmail/plugins/mail_fetch/functions.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/mail_fetch/functions.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -139,7 +139,7 @@
$aMsgStat = $pop3->command_stat();
if (is_bool($aMsgStat)) {
- $outMsg .= _("Can't get mailbox status:") . ' ' . \
htmlspecialchars($pop3->error); + $outMsg .= _("Can't get mailbox \
status:") . ' ' . sm_encode_html_special_chars($pop3->error); continue;
}
@@ -152,7 +152,7 @@
if ($mailfetch_lmos == 'on') {
$msglist = $pop3->command_uidl();
if (is_bool($msglist)) {
- $outMsg .= _("Server does not support UIDL.") . ' \
'.htmlspecialchars($pop3->error); + $outMsg .= _("Server does \
not support UIDL.") . ' '.sm_encode_html_special_chars($pop3->error);
// User asked to leave messages on server, but we can't do \
that. $pop3->command_quit();
continue;
@@ -191,7 +191,7 @@
$Message = $pop3->command_retr($i);
if (is_bool($Message)) {
- $outMsg .= _("Warning:") . ' ' . htmlspecialchars($pop3->error);
+ $outMsg .= _("Warning:") . ' ' . \
sm_encode_html_special_chars($pop3->error); continue;
}
@@ -212,7 +212,7 @@
$response=(implode('',$response));
$message=(implode('',$message));
if ($response != 'OK') {
- $outMsg .= _("Error Appending Message!")." \
".htmlspecialchars($message); + $outMsg .= _("Error Appending \
Message!")." ".sm_encode_html_special_chars($message);
if ($mailfetch_lmos == 'on') {
setPref($data_dir,$username,"mailfetch_uidl_$i_loop", \
$msglist[$i-1]);
Modified: trunk/squirrelmail/plugins/mail_fetch/options.php
===================================================================
--- trunk/squirrelmail/plugins/mail_fetch/options.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/mail_fetch/options.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -342,7 +342,7 @@
echo '<b>' . _("Server Name:") . '</b> <select name="mf_sn">';
for ($i=0;$i<$mailfetch_server_number;$i++) {
echo "<option value=\"$i\">" .
- htmlspecialchars( \
(($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . \
"</option>"; + sm_encode_html_special_chars( \
(($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . \
"</option>"; }
echo '</select>'.
' <input type="submit" name="mf_action_mod" value="' . \
_("Modify") . '" />'.
@@ -368,7 +368,7 @@
html_tag( 'td',
"<input type=\"hidden\" name=\"mf_sn\" value=\"$mf_sn\" />" .
'<input type="hidden" name="mf_action" value="confirm_delete" \
/>' .
- '<br />' . _("Selected Server:") . " <b>" . \
htmlspecialchars($mailfetch_server_[$mf_sn]) . "</b><br />" . + \
'<br />' . _("Selected Server:") . " <b>" . \
sm_encode_html_special_chars($mailfetch_server_[$mf_sn]) . "</b><br \
/>" .
_("Confirm delete of selected server?") . '<br /><br />' .
'<input type="submit" name="submit_mailfetch" value="' . \
_("Confirm Delete") . '" />' . '<br /></form>' ,
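Review bot: `$mf_sn` is interpolated into the hidden field (`value=\"$mf_sn\"`) without encoding, two lines above the server name that this change does encode. If `$mf_sn` is taken from the request (its origin is outside the hunk), cast it before use, `$mf_sn = (int) $mf_sn;`, which also makes it a safe index for `$mailfetch_server_[$mf_sn]`. The surrounding html_tag() expression starts and ends outside the hunk.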
@@ -396,27 +396,27 @@
html_tag( 'tr',
html_tag( 'th', _("Server:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_server" value="' .
- htmlspecialchars($mailfetch_server_[$mf_sn]) . '" \
size="40" />', 'left' )
+ \
sm_encode_html_special_chars($mailfetch_server_[$mf_sn]) . '" size="40" />', 'left' ) \
) .
html_tag( 'tr',
html_tag( 'th', _("Port:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_port" value="' .
- htmlspecialchars($mailfetch_port_[$mf_sn]) . '" size="40" \
/>', 'left' )
+ \
sm_encode_html_special_chars($mailfetch_port_[$mf_sn]) . '" size="40" />', 'left' ) \
) .
html_tag( 'tr',
html_tag( 'th', _("Alias:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_alias" value="' .
- htmlspecialchars($mailfetch_alias_[$mf_sn]) . '" \
size="40" />', 'left' )
+ \
sm_encode_html_special_chars($mailfetch_alias_[$mf_sn]) . '" size="40" />', 'left' ) \
) .
html_tag( 'tr',
html_tag( 'th', _("Username:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_user" value="' .
- htmlspecialchars($mailfetch_user_[$mf_sn]) . '" size="20" \
/>', 'left' )
+ \
sm_encode_html_special_chars($mailfetch_user_[$mf_sn]) . '" size="20" />', 'left' ) \
) .
html_tag( 'tr',
html_tag( 'th', _("Password:"), 'right' ) .
html_tag( 'td', '<input type="password" name="mf_pass" value="' .
- htmlspecialchars($mailfetch_pass_[$mf_sn]) . '" size="20" \
/>', 'left' )
+ \
sm_encode_html_special_chars($mailfetch_pass_[$mf_sn]) . '" size="20" />', 'left' ) \
) .
html_tag( 'tr',
html_tag( 'th', _("Authentication type:"), 'right' ) .
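Review bot: The password row still writes `$mailfetch_pass_[$mf_sn]` into the `value` attribute of the `mf_pass` input, so what is presumably the saved POP3 password ends up in the page source every time the modify form is shown; encoding it does not change that. Consider rendering the field empty, `'<input type="password" name="mf_pass" value="" size="20" />'`, and keeping the stored password when the submitted `mf_pass` is empty. The form handler is outside this hunk, so that second half needs checking there. The html_tag() chain this row belongs to starts and ends outside the hunk.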
Modified: trunk/squirrelmail/plugins/message_details/message_details_bottom.php
===================================================================
--- trunk/squirrelmail/plugins/message_details/message_details_bottom.php 2012-12-09 \
11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/message_details/message_details_bottom.php 2012-12-09 \
12:06:30 UTC (rev 14346)
@@ -260,7 +260,7 @@
$entities["$entStr"]['contenttype']=$reg[2].'/'.$reg[3];
}
} else if (!$nameset && \
preg_match("/^.*(name=\s*)\"(.*)\".*/i",$line,$reg)) {
- $name = htmlspecialchars($reg[2]);
+ $name = sm_encode_html_special_chars($reg[2]);
$content[$content_indx]['name'] = decodeHeader($name);
$nameset = true;
if (isset($entities["$entStr"])) {
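Review bot: `$name` is HTML-encoded before it is handed to `decodeHeader()`, so any special characters that only appear once the encoded words in the header are decoded are not covered by this call. decodeHeader() is not defined in this hunk; compose.php in this same commit calls it as `decodeHeader($body,false,false)` and encodes the result afterwards, which suggests the safer order here is `$name = sm_encode_html_special_chars(decodeHeader($reg[2], false, false));` followed by `$content[$content_indx]['name'] = $name;`. If decodeHeader() encodes its output by default, the current order double-encodes the literal parts instead, so either way the two calls should be reconciled. The enclosing loop starts and ends outside the hunk.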
@@ -285,7 +285,7 @@
if ($stripHTML) {
$message_body .= $line . "\r\n";
} else {
- $line = htmlspecialchars($line);
+ $line = sm_encode_html_special_chars($line);
if ($msgd_8bit_in_hex) $line = msgd_convert_to_hex($line);
$message_body .= "$pre"."$line"."$end"."\r\n";
}
Modified: trunk/squirrelmail/plugins/newmail/functions.php
===================================================================
--- trunk/squirrelmail/plugins/newmail/functions.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/newmail/functions.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -691,7 +691,7 @@
/**
* Converts media attributes to string
* Warning:
- * * attribute values are automatically sanitized by htmlspecialchars()
+ * * attribute values are automatically sanitized by sm_encode_html_special_chars()
* * This is internal function, use newmail_media_objects() instead
* @param array $args array with object attributes
* @return string string with object attributes
@@ -699,7 +699,7 @@
function newmail_media_prepare_args($args) {
$ret_args='';
foreach ($args as $arg => $value) {
- $ret_args.= $arg . '="' . htmlspecialchars($value) . '" ';
+ $ret_args.= $arg . '="' . sm_encode_html_special_chars($value) . '" ';
}
return $ret_args;
}
Modified: trunk/squirrelmail/plugins/newmail/newmail_opt.php
===================================================================
--- trunk/squirrelmail/plugins/newmail/newmail_opt.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/newmail/newmail_opt.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -153,8 +153,8 @@
if ($entry == $newmail_media) {
echo 'selected="selected" ';
}
- echo 'value="' . htmlspecialchars($entry) . '">' .
- htmlspecialchars($entry) . "</option>\n";
+ echo 'value="' . sm_encode_html_special_chars($entry) . '">' .
+ sm_encode_html_special_chars($entry) . "</option>\n";
}
}
$d->close();
@@ -165,7 +165,7 @@
echo 'selected="selected" ';
}
echo 'value="mmedia_' . $newmail_mm_name . '">'
- .htmlspecialchars($newmail_mm_name) . "</option>\n";
+ .sm_encode_html_special_chars($newmail_mm_name) . "</option>\n";
}
if($newmail_uploadsounds) {
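Review bot: The option's `value` attribute is built from `$newmail_mm_name` without encoding (`'value="mmedia_' . $newmail_mm_name . '">'`), although the same variable is encoded for the label on the very next line. Where the list of names comes from is not visible in this hunk; encoding both uses keeps the attribute well-formed regardless: `echo 'value="mmedia_' . sm_encode_html_special_chars($newmail_mm_name) . '">'`. The loop this line belongs to starts outside the hunk.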
@@ -205,7 +205,7 @@
// display currently uploaded file information
echo html_tag('tr')
. html_tag('td',_("Uploaded Media \
File:"),'right','','style="white-space: nowrap;"')
- . html_tag('td',($newmail_userfile_name!='' ? \
htmlspecialchars($newmail_userfile_name) : _("unavailable")))
+ . \
html_tag('td',($newmail_userfile_name!='' ? \
sm_encode_html_special_chars($newmail_userfile_name) : \
_("unavailable")))
."</tr>\n";
if ($newmail_userfile_name!='') {
@@ -218,8 +218,8 @@
echo html_tag( 'tr', "\n" .
html_tag( 'td', _("Current File:"), 'right', '', \
'style="white-space: nowrap;"' ) .
html_tag( 'td', '<input type="hidden" value="' .
- htmlspecialchars($newmail_media) . '" name="media_default" \
/>' .
- htmlspecialchars($media_output) . '', 'left' )
+ sm_encode_html_special_chars($newmail_media) . '" \
name="media_default" />' .
+ \
sm_encode_html_special_chars($media_output) . '', 'left' )
) . "\n";
}
echo html_tag( 'tr', "\n" .
Modified: trunk/squirrelmail/plugins/spamcop/options.php
===================================================================
--- trunk/squirrelmail/plugins/spamcop/options.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/spamcop/options.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -143,7 +143,7 @@
'<small>(' . _("see below") . ')</small>','right','','valign="top"');
?>
<td valign="top"><form method="post" action="options.php">
- <input type="text" size="30" name="ID" value="<?php echo \
htmlspecialchars($spamcop_id) ?>" />
+ <input type="text" size="30" \
name="ID" value="<?php echo sm_encode_html_special_chars($spamcop_id) ?>" />
<input \
type="hidden" name="action" value="save_id" />
<?php
echo '<input type="submit" value="' . _("Save ID") . "\" />\n";
Modified: trunk/squirrelmail/plugins/spamcop/spamcop.php
===================================================================
--- trunk/squirrelmail/plugins/spamcop/spamcop.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/spamcop/spamcop.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -120,8 +120,8 @@
echo '<input type="button" value="' . _("Close Window") . "\" \
onclick=\"window.close(); return true;\" />\n";
} else {
?><form method="post" action="<?php echo sqm_baseuri(); ?>src/right_main.php">
- <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) \
?>" />
- <input type="hidden" name="startMessage" value="<?php echo \
htmlspecialchars($startMessage) ?>" />
+ <input type="hidden" name="mailbox" \
value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+ <input \
type="hidden" name="startMessage" value="<?php echo \
sm_encode_html_special_chars($startMessage) ?>" />
<?php
echo '<input type="submit" value="' . _("Cancel / Done") . "\" />";
}
@@ -137,9 +137,9 @@
$form_action = sqm_baseuri() . 'src/compose.php';
?> <form method="post" action="<?php echo $form_action?>">
<input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() \
?>" />
- <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) \
?>" />
- <input type="hidden" name="spamcop_is_composing" value="<?php echo \
htmlspecialchars($passed_id) ?>" />
- <input type="hidden" name="send_to" value="<?php echo \
htmlspecialchars($report_email)?>" />
+ <input type="hidden" name="mailbox" \
value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+ <input \
type="hidden" name="spamcop_is_composing" value="<?php echo \
sm_encode_html_special_chars($passed_id) ?>" />
+ <input type="hidden" \
name="send_to" value="<?php echo sm_encode_html_special_chars($report_email)?>" /> \
<input type="hidden" name="subject" value="reply anyway" />
<input type="hidden" \
name="identity" value="0" />
<input type="hidden" name="session" value="<?php echo \
$session?>" />
@@ -163,7 +163,7 @@
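Review bot: In the `-137,9` hunk, `$session` and `$form_action` are still echoed into attributes without encoding (`value="<?php echo $session?>"`, `action="<?php echo $form_action?>"`), while every neighbouring hidden field now goes through sm_encode_html_special_chars(). `$form_action` is built from sqm_baseuri() at the top of the hunk; the origin of `$session` is not visible here, so it should be cast or encoded like its siblings: `<?php echo sm_encode_html_special_chars($session) ?>`. The form continues outside the hunk.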
} ?>
<input type="hidden" name="action" value="submit" />
<input type="hidden" name="oldverbose" value="1" />
- <input type="hidden" name="spam" value="<?php echo \
htmlspecialchars($spam_message); ?>" />
+ <input type="hidden" name="spam" \
value="<?php echo sm_encode_html_special_chars($spam_message); ?>" />
<?php
echo '<input type="submit" name="x1" value="' . _("Send Spam Report") . "\" \
/>\n";
}
Modified: trunk/squirrelmail/plugins/squirrelspell/modules/check_me.mod
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/modules/check_me.mod 2012-12-09 11:58:17 \
UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/modules/check_me.mod 2012-12-09 12:06:30 \
UTC (rev 14346)
@@ -106,7 +106,7 @@
*/
if (!empty($check->error)) {
$msg= '<div style="text-align: center;">'
- . nl2br(htmlspecialchars($check->error))
+ . nl2br(sm_encode_html_special_chars($check->error))
. '<form onsubmit="return false">'
. '<input type="submit" value=" ' . _("Close")
. ' " onclick="self.close()" /></form></div>';
@@ -125,7 +125,7 @@
*/
if (!empty($check->error)) {
$msg= '<div style="text-align: center;">'
- . nl2br(htmlspecialchars($check->error))
+ . nl2br(sm_encode_html_special_chars($check->error))
. '<form onsubmit="return false">'
. '<input type="submit" value=" ' . _("Close")
. ' " onclick="self.close()" /></form></div>';
@@ -153,7 +153,7 @@
}
} else {
if (!empty($check->error)) {
- $error_msg = nl2br(htmlspecialchars($check->error));
+ $error_msg = nl2br(sm_encode_html_special_chars($check->error));
} else {
$error_msg = _("Unknown error");
}
Modified: trunk/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod 2012-12-09 11:58:17 \
UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod 2012-12-09 12:06:30 \
UTC (rev 14346)
@@ -61,9 +61,9 @@
$msg .= "</td><td valign=\"top\">\n";
}
$msg .= "<input type=\"checkbox\" name=\"words_ary[]\" "
- . 'value="'.htmlspecialchars($lang_words[$j]). '" id="words_ary_'
+ . 'value="'.sm_encode_html_special_chars($lang_words[$j]). '" \
id="words_ary_'
. $j . '" /> <label for="words_ary_' . $j .'">'
- . htmlspecialchars($lang_words[$j]) . "</label><br />\n";
+ . sm_encode_html_special_chars($lang_words[$j]) . "</label><br />\n";
}
$msg .= '</td></tr></table></td></tr>'
. "<tr bgcolor=\"$color[0]\" align=\"center\"><td>"
Modified: trunk/squirrelmail/plugins/squirrelspell/modules/forget_me.mod
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/modules/forget_me.mod 2012-12-09 \
11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/modules/forget_me.mod 2012-12-09 \
12:06:30 UTC (rev 14346)
@@ -40,7 +40,7 @@
// print list of deleted words
foreach ($words_ary as $deleted_word) {
- $msg.= '<li>'.htmlspecialchars($deleted_word)."</li>\n";
+ $msg.= '<li>'.sm_encode_html_special_chars($deleted_word)."</li>\n";
}
// rebuild dictionary
Modified: trunk/squirrelmail/plugins/squirrelspell/modules/lang_change.mod
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/modules/lang_change.mod 2012-12-09 \
11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/modules/lang_change.mod 2012-12-09 \
12:06:30 UTC (rev 14346)
@@ -42,7 +42,7 @@
if (sizeof($new_langs)>1) {
$dsp_string = '';
foreach( $new_langs as $a) {
- $dsp_string .= _(htmlspecialchars(trim($a))) . _(", ");
+ $dsp_string .= _(sm_encode_html_special_chars(trim($a))) . _(", ");
}
// remove last comma and space
$dsp_string = substr( $dsp_string, 0, -2 );
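Review bot: Each language name is encoded before the gettext lookup (`_(sm_encode_html_special_chars(trim($a)))`), and the resulting `$dsp_string` is encoded a second time in the following hunk (`sm_encode_html_special_chars($dsp_string)`). A name containing `&`, `<` or a quote would miss its translation and then be shown double-encoded. Translating first and encoding once avoids both: `$dsp_string .= _(trim($a)) . _(", ");` here, keeping the single encode inside the sprintf() call of the next hunk. The enclosing if/else continues outside this hunk.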
@@ -52,15 +52,15 @@
// make sure that you don't use html codes in language name translations
$msg = '<p>'
. sprintf(_("Settings adjusted to: %s with %s as default dictionary."),
- '<strong>'.htmlspecialchars($dsp_string).'</strong>',
- '<strong>'.htmlspecialchars(_($lang_default)).'</strong>')
+ '<strong>'.sm_encode_html_special_chars($dsp_string).'</strong>',
+ '<strong>'.sm_encode_html_special_chars(_($lang_default)).'</strong>')
. '</p>';
} else {
/**
* Only one dictionary is selected.
*/
$msg = '<p>'
- . sprintf(_("Using %s dictionary for spellcheck." ), \
'<strong>'.htmlspecialchars(_($new_langs[0])).'</strong>')
+ . sprintf(_("Using %s \
dictionary for spellcheck." ), \
'<strong>'.sm_encode_html_special_chars(_($new_langs[0])).'</strong>')
. '</p>';
}
Modified: trunk/squirrelmail/plugins/squirrelspell/sqspell_functions.php
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/sqspell_functions.php 2012-12-09 \
11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/sqspell_functions.php 2012-12-09 \
12:06:30 UTC (rev 14346)
@@ -849,12 +849,12 @@
. _("SquirrelSpell was unable to decrypt your personal dictionary. This is most \
likely due to the fact that you have changed your mailbox password. In order to \
proceed, you will have to supply your old password so that SquirrelSpell can decrypt \
your personal dictionary. It will be re-encrypted with your new password after this. \
If you haven't encrypted your dictionary, then it got mangled and is no longer valid. \
You will have to delete it and start anew. This is also true if you don't remember \
your old password -- without it, the encrypted data is no longer accessible.") , \
'left' ) . "\n"
. (($lang) ? html_tag('p',sprintf(_("Your %s dictionary is encrypted with \
password that differs from your current password."),
- htmlspecialchars($lang)),'left') : '')
+ sm_encode_html_special_chars($lang)),'left') : \
'')
. '<blockquote>' . "\n"
. '<form method="post" onsubmit="return AYS()">' . "\n"
. '<input type="hidden" name="MOD" value="crypto_badkey" />' . "\n"
. (($lang) ?
- '<input type="hidden" name="dict_lang" value="'.htmlspecialchars($lang).'" \
/>' :
+ '<input type="hidden" name="dict_lang" \
value="'.sm_encode_html_special_chars($lang).'" />' :
'<input type="hidden" \
name="old_setup" value="yes" />')
. html_tag( 'p', "\n" .
'<input type="checkbox" name="delete_words" value="ON" id="delete_words" />'
Modified: trunk/squirrelmail/plugins/translate/functions.php
===================================================================
--- trunk/squirrelmail/plugins/translate/functions.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/plugins/translate/functions.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -456,7 +456,7 @@
}
if (! is_null($charset))
- echo ' accept-charset="'.htmlspecialchars($charset).'"';
+ echo ' accept-charset="'.sm_encode_html_special_chars($charset).'"';
echo ">\n";
Modified: trunk/squirrelmail/src/addrbook_search.php
===================================================================
--- trunk/squirrelmail/src/addrbook_search.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/addrbook_search.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -70,7 +70,7 @@
/* Empty search */
if (empty($query) && empty($show) && !isset($listall)) {
- $oTemplate->assign('note', htmlspecialchars(_("No persons matching your search \
were found")));
+ $oTemplate->assign('note', sm_encode_html_special_chars(_("No \
persons matching your search were found")));
$oTemplate->display('note.tpl');
# exit;
}
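Review bot: The `note` template variable is encoded at this call site, but the same message is assigned without encoding in the next hunk of this file (`$oTemplate->assign('note', _("No persons matching your search were found"));`) and again in addrbook_search_html.php. Whether note.tpl encodes its input is not visible in this commit, so one of the two styles is either double-encoding or passing a translated string through raw. The three call sites should agree, with a one-line comment stating which layer owns the encoding, for example `// note.tpl expects pre-encoded HTML` if that is the contract.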
@@ -125,7 +125,7 @@
}
if (!is_array($res)) {
- plain_error_message( _("Your search failed with the following error(s)") \
.':<br />'. nl2br(htmlspecialchars($abook->error)) );
+ \
plain_error_message( _("Your search failed with the following error(s)") .':<br />'. \
nl2br(sm_encode_html_special_chars($abook->error)) );
} elseif (sizeof($res) == 0) {
$oTemplate->assign('note', _("No persons matching your search were \
found"));
$oTemplate->display('note.tpl');
Modified: trunk/squirrelmail/src/addrbook_search_html.php
===================================================================
--- trunk/squirrelmail/src/addrbook_search_html.php 2012-12-09 11:58:17 UTC (rev \
14345)
+++ trunk/squirrelmail/src/addrbook_search_html.php 2012-12-09 12:06:30 UTC (rev \
14346)
@@ -157,7 +157,7 @@
}
if (!is_array($res)) {
- plain_error_message(_("Your search failed with the following error(s)") \
.':<br />'. nl2br(htmlspecialchars($abook->error)));
+ \
plain_error_message(_("Your search failed with the following error(s)") .':<br />'. \
nl2br(sm_encode_html_special_chars($abook->error)));
} elseif (sizeof($res) == 0) {
$oTemplate->assign('note', _("No persons matching your search were found"));
$oTemplate->display('note.tpl');
Modified: trunk/squirrelmail/src/addressbook.php
===================================================================
--- trunk/squirrelmail/src/addressbook.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/addressbook.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -233,7 +233,7 @@
$olddata = $abook->lookup($enick, $ebackend);
// Test if $olddata really contains anything and return an \
error message if it doesn't
if (!$olddata) {
- error_box(nl2br(htmlspecialchars($abook->error)));
+ \
error_box(nl2br(sm_encode_html_special_chars($abook->error)));
} else {
/* Display the "new address" form */
echo abook_create_form($form_url, 'editaddr',
@@ -255,7 +255,7 @@
/* Handle error messages */
if (!$r) {
/* Display error */
- plain_error_message( \
nl2br(htmlspecialchars($abook->error)));
+ \
plain_error_message( nl2br(sm_encode_html_special_chars($abook->error)));
/* Display the "new address" form again */
echo abook_create_form($form_url, 'editaddr',
@@ -299,7 +299,7 @@
/* Display error messages */
if (!empty($formerror)) {
- plain_error_message(nl2br(htmlspecialchars($formerror)));
+ plain_error_message(nl2br(sm_encode_html_special_chars($formerror)));
}
@@ -326,7 +326,7 @@
$addresses[$backend->bnum] = $a;
} else {
// list_addr() returns boolean
- plain_error_message(nl2br(htmlspecialchars($abook->error)));
+ plain_error_message(nl2br(sm_encode_html_special_chars($abook->error)));
}
} else {
$addresses[$backend->bnum] = $a;
Modified: trunk/squirrelmail/src/compose.php
===================================================================
--- trunk/squirrelmail/src/compose.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/compose.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -1346,10 +1346,10 @@
$oTemplate->assign('identity_def', $identity);
$oTemplate->assign('input_onfocus', 'onfocus="'.join(' ', $onfocus_array).'"');
- $oTemplate->assign('to', htmlspecialchars($send_to));
- $oTemplate->assign('cc', htmlspecialchars($send_to_cc));
- $oTemplate->assign('bcc', htmlspecialchars($send_to_bcc));
- $oTemplate->assign('subject', htmlspecialchars($subject));
+ $oTemplate->assign('to', sm_encode_html_special_chars($send_to));
+ $oTemplate->assign('cc', sm_encode_html_special_chars($send_to_cc));
+ $oTemplate->assign('bcc', sm_encode_html_special_chars($send_to_bcc));
+ $oTemplate->assign('subject', sm_encode_html_special_chars($subject));
// access keys...
//
@@ -1385,9 +1385,9 @@
} else {
$body_str = "\n\n".($prefix_sig==true? "-- \
\n":'').decodeHeader($signature,false,false);
}
- $body_str .= "\n\n".htmlspecialchars(decodeHeader($body,false,false));
+ $body_str .= \
"\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false));
} else {
- $body_str = "\n\n".htmlspecialchars(decodeHeader($body,false,false));
+ $body_str = \
"\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false));
// FIXME: test is specific to ja_JP translation implementation. See \
above comments.
if ($default_charset == 'iso-2022-jp') {
$body_str .= "\n\n".($prefix_sig==true? "-- \
\n":'').mb_convert_encoding($signature, 'EUC-JP');
@@ -1396,7 +1396,7 @@
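Review bot: In the `-1385,9` hunk the signature is appended to `$body_str` without encoding on both branches (`decodeHeader($signature,false,false)` and `mb_convert_encoding($signature, 'EUC-JP')`), while the message body next to it is wrapped in sm_encode_html_special_chars(). If `$body_str` is written into the compose textarea as-is (the template is not part of this hunk), markup in a signature would be rendered rather than shown as text. Wrapping the signature expressions the same way as the body closes that gap, e.g. `sm_encode_html_special_chars(decodeHeader($signature,false,false))`. The enclosing if/else chain starts and ends outside the hunk.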
}
}
} else {
- $body_str = htmlspecialchars(decodeHeader($body,false,false));
+ $body_str = sm_encode_html_special_chars(decodeHeader($body,false,false));
}
$oTemplate->assign('editor_width', (int)$editor_size);
@@ -1811,7 +1811,7 @@
$composeMessage->purgeAttachments();
return $success;
} else {
- $msg = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), \
htmlspecialchars($draft_folder));
+ $msg = '<br />'.sprintf(_("Error: \
Draft folder %s does not exist."), sm_encode_html_special_chars($draft_folder)); \
plain_error_message($msg);
return false;
}
@@ -1832,7 +1832,7 @@
$msg .= '<br />'
. _("Server replied:") . ' '
. (isset($deliver->dlv_ret_nr) ? $deliver->dlv_ret_nr . ' ' : '')
- . nl2br(htmlspecialchars($deliver->dlv_server_msg));
+ . nl2br(sm_encode_html_special_chars($deliver->dlv_server_msg));
}
plain_error_message($msg);
} else {
Modified: trunk/squirrelmail/src/configtest.php
===================================================================
--- trunk/squirrelmail/src/configtest.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/configtest.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -267,7 +267,7 @@
|| strpos($variables_order, 'P') === FALSE
|| strpos($variables_order, 'C') === FALSE
|| strpos($variables_order, 'S') === FALSE) {
- do_err('Your variables_order setting is insufficient for SquirrelMail to \
function. It needs at least "GPCS", but you have it set to "' . \
htmlspecialchars($variables_order) . '"', true);
+ do_err('Your variables_order \
setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but \
you have it set to "' . sm_encode_html_special_chars($variables_order) . '"', true); \
} else {
echo $IND . "variables_order OK: $variables_order.<br />\n";
}
@@ -283,7 +283,7 @@
else if (strpos($gpc_order, 'G') === FALSE
|| strpos($gpc_order, 'P') === FALSE
|| strpos($gpc_order, 'C') === FALSE) {
- do_err('Your gpc_order setting is insufficient for SquirrelMail to function. \
It needs to be set to "GPC", but you have it set to "' . htmlspecialchars($gpc_order) \
. '"', true);
+ do_err('Your gpc_order setting is insufficient for \
SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . \
sm_encode_html_special_chars($gpc_order) . '"', true);
} else {
echo $IND . "gpc_order OK: $gpc_order.<br />\n";
}
@@ -479,7 +479,7 @@
// if plugin outputs more than newlines and spacing, stop script execution.
if (!empty($output)) {
- $plugin_load_error = 'Some output was produced when plugin <i>' . $name \
. '</i> was loaded. Usually this means there is an error in the plugin\'s setup or \
configuration file. The output was: '.htmlspecialchars($output);
+ \
$plugin_load_error = 'Some output was produced when plugin <i>' . $name . '</i> was \
loaded. Usually this means there is an error in the plugin\'s setup or configuration \
file. The output was: '.sm_encode_html_special_chars($output); \
do_err($plugin_load_error);
}
}
@@ -588,9 +588,9 @@
echo $IND . "Default language OK.<br />\n";
}
-echo $IND . "Base URL detected as: <tt>" . htmlspecialchars($test_location) .
+echo $IND . "Base URL detected as: <tt>" . \
sm_encode_html_special_chars($test_location) .
"</tt> (location base " . (empty($config_location_base) ? 'autodetected' : 'set \
to <tt>' .
- htmlspecialchars($config_location_base)."</tt>") . ")<br />\n";
+ sm_encode_html_special_chars($config_location_base)."</tt>") . ")<br />\n";
/* check minimal requirements for other security options */
@@ -635,14 +635,14 @@
$errorNumber, $errorString);
if(!$stream) {
do_err("Error connecting to SMTP server \"$smtpServerAddress:$smtpPort\".".
- "Server error: ($errorNumber) ".htmlspecialchars($errorString));
+ "Server error: ($errorNumber) \
".sm_encode_html_special_chars($errorString));
}
// check for SMTP code; should be 2xx to allow us access
$smtpline = fgets($stream, 1024);
if(((int) $smtpline{0}) > 3) {
do_err("Error connecting to SMTP server. Server error: ".
- htmlspecialchars($smtpline));
+ sm_encode_html_special_chars($smtpline));
}
/* smtp starttls checks */
@@ -694,7 +694,7 @@
$starttls_response=fgets($stream, 1024);
if ($starttls_response[0]!=2) {
$starttls_cmd_err = 'SMTP STARTTLS failed. Server replied: '
- .htmlspecialchars($starttls_response);
+ .sm_encode_html_special_chars($starttls_response);
do_err($starttls_cmd_err);
} elseif(! stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) \
{
do_err('Failed to enable encryption on SMTP STARTTLS connection.');
@@ -707,7 +707,7 @@
fputs($stream, 'QUIT');
fclose($stream);
echo $IND . 'SMTP server OK (<tt><small>'.
- trim(htmlspecialchars($smtpline))."</small></tt>)<br />\n";
+ trim(sm_encode_html_special_chars($smtpline))."</small></tt>)<br />\n";
/* POP before SMTP */
if($pop_before_smtp) {
@@ -715,13 +715,13 @@
$stream = fsockopen($pop_before_smtp_host, 110, $err_no, $err_str);
if (!$stream) {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110) "
- . $err_no . ' : ' . htmlspecialchars($err_str));
+ . $err_no . ' : ' . sm_encode_html_special_chars($err_str));
}
$tmp = fgets($stream, 1024);
if (substr($tmp, 0, 3) != '+OK') {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110)"
- . ' '.htmlspecialchars($tmp));
+ . ' '.sm_encode_html_special_chars($tmp));
}
fputs($stream, 'QUIT');
fclose($stream);
@@ -740,18 +740,18 @@
if(!$stream) {
do_err("Error connecting to IMAP server \"$imapServerAddress:$imapPort\".".
"Server error: ($errorNumber) ".
- htmlspecialchars($errorString));
+ sm_encode_html_special_chars($errorString));
}
/** Is the first response 'OK'? */
$imapline = fgets($stream, 1024);
if(substr($imapline, 0,4) != '* OK') {
do_err('Error connecting to IMAP server. Server error: '.
- htmlspecialchars($imapline));
+ sm_encode_html_special_chars($imapline));
}
echo $IND . 'IMAP server ready (<tt><small>'.
- htmlspecialchars(trim($imapline))."</small></tt>)<br />\n";
+ sm_encode_html_special_chars(trim($imapline))."</small></tt>)<br />\n";
/** Check capabilities */
fputs($stream, "A001 CAPABILITY\r\n");
@@ -773,7 +773,7 @@
$starttls_line=fgets($stream, 1024);
if (! preg_match("/^A002 OK.*/i",$starttls_line)) {
$imap_starttls_err = 'IMAP STARTTLS failed. Server replied: '
- .htmlspecialchars($starttls_line);
+ .sm_encode_html_special_chars($starttls_line);
do_err($imap_starttls_err);
} elseif (! stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) \
{
do_err('Failed to enable encryption on IMAP connection.');
@@ -793,7 +793,7 @@
}
}
-echo $IND . 'Capabilities: <tt>'.htmlspecialchars($capline)."</tt><br />\n";
+echo $IND . 'Capabilities: <tt>'.sm_encode_html_special_chars($capline)."</tt><br \
/>\n";
if($imap_auth_mech == 'login' && stristr($capline, 'LOGINDISABLED') !== FALSE) {
do_err('Your server doesn\'t allow plaintext logins. '.
@@ -854,7 +854,7 @@
$display_locale = $setlocale;
$locale_count = 1;
}
- $tested_locales_msg = 'Tested '.htmlspecialchars($display_locale).' \
'
+ $tested_locales_msg = 'Tested \
'.sm_encode_html_special_chars($display_locale).' '
.($locale_count>1 ? 'locales':'locale'). '.';
echo $IND . $IND .$IND . $lang_data['NAME'].' (' .$lang_code. ') - \
';
@@ -865,7 +865,7 @@
} else {
echo 'supported. '
.$tested_locales_msg
- .' setlocale() returned "'.htmlspecialchars($retlocale).'"';
+ .' setlocale() returned \
"'.sm_encode_html_special_chars($retlocale).'"';
}
echo "<br />\n";
}
@@ -918,7 +918,7 @@
echo "Webmail users can't change their time zone settings. \n";
}
if (isset($_ENV['TZ'])) {
- echo 'Default time zone is '.htmlspecialchars($_ENV['TZ']);
+ echo 'Default time zone is '.sm_encode_html_special_chars($_ENV['TZ']);
} else {
echo 'Current time zone is '.date('T');
}
@@ -977,7 +977,7 @@
$dbh = DB::connect($dsn, true);
if (DB::isError($dbh)) {
- do_err('Database error: '. htmlspecialchars(DB::errorMessage($dbh)) \
.
+ do_err('Database error: '. \
sm_encode_html_special_chars(DB::errorMessage($dbh)) .
' in ' .$type .' DSN.');
}
$dbh->disconnect();
Modified: trunk/squirrelmail/src/folders.php
===================================================================
--- trunk/squirrelmail/src/folders.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/folders.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -112,7 +112,7 @@
}
if (isset($td_str)) {
- $oTemplate->assign('note', htmlspecialchars($td_str));
+ $oTemplate->assign('note', sm_encode_html_special_chars($td_str));
$oTemplate->display('note.tpl');
}
@@ -197,8 +197,8 @@
}
if ($use_folder) {
- $box_enc = htmlspecialchars($box_a['unformatted-dm']);
- $box_disp = \
htmlspecialchars(imap_utf7_decode_local($box_a['unformatted-disp']));
+ \
$box_enc = sm_encode_html_special_chars($box_a['unformatted-dm']);
+ \
$box_disp = sm_encode_html_special_chars(imap_utf7_decode_local($box_a['unformatted-disp']));
$subbox_option_list[] = array( 'Value' => $box_enc, 'Display' => \
$box_disp);
}
}
Modified: trunk/squirrelmail/src/login.php
===================================================================
--- trunk/squirrelmail/src/login.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/login.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -63,7 +63,7 @@
$password_form_name = 'secretkey';
do_hook('login_cookie', $null);
-$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? \
htmlspecialchars($loginname) : '');
+$loginname_value = (sqGetGlobalVar('loginname', \
$loginname) ? sm_encode_html_special_chars($loginname) : '');
//FIXME: should be part of the template, not the core!
/* Output the javascript onload function. */
Modified: trunk/squirrelmail/src/options_highlight.php
===================================================================
--- trunk/squirrelmail/src/options_highlight.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/options_highlight.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -124,10 +124,10 @@
foreach($message_highlight_list as $index=>$rule) {
$a = array();
- $a['Name'] = htmlspecialchars($rule['name']);
+ $a['Name'] = sm_encode_html_special_chars($rule['name']);
$a['Color'] = $rule['color'];
$a['MatchField'] = '';
- $a['MatchValue'] = htmlspecialchars($rule['value']);
+ $a['MatchValue'] = sm_encode_html_special_chars($rule['value']);
@@ Diff output truncated at 100000 characters. @@