Revision: 14346
http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14346&view=rev
Author: kink
Date: 2012-12-09 12:06:30 +0000 (Sun, 09 Dec 2012)
Log Message:
-----------
Replace calls to htmlspecialchars() with sm_encode_html_special_chars().
New function sm_encode_html_special_chars() encodes HTML special
characters by calling htmlspecialchars(). It sets the character set
to ISO-8859-1, to fix compatibility with PHP >= 5.4.
Patch by Paul Lesniewski.
See #3491925
Modified Paths:
--------------
trunk/squirrelmail/class/mime/Rfc822Header.class.php
trunk/squirrelmail/class/template/PHP_Template.class.php
trunk/squirrelmail/class/template/Smarty_Template.class.php
trunk/squirrelmail/class/template/Template.class.php
trunk/squirrelmail/functions/addressbook.php
trunk/squirrelmail/functions/attachment_common.php
trunk/squirrelmail/functions/display_messages.php
trunk/squirrelmail/functions/folder_manip.php
trunk/squirrelmail/functions/forms.php
trunk/squirrelmail/functions/global.php
trunk/squirrelmail/functions/imap_general.php
trunk/squirrelmail/functions/imap_mailbox.php
trunk/squirrelmail/functions/imap_messages.php
trunk/squirrelmail/functions/mailbox_display.php
trunk/squirrelmail/functions/mime.php
trunk/squirrelmail/functions/options.php
trunk/squirrelmail/functions/page_header.php
trunk/squirrelmail/functions/strings.php
trunk/squirrelmail/include/init.php
trunk/squirrelmail/include/languages.php
trunk/squirrelmail/include/options/display.php
trunk/squirrelmail/include/options/personal.php
trunk/squirrelmail/plugins/administrator/options.php
trunk/squirrelmail/plugins/calendar/calendar.php
trunk/squirrelmail/plugins/calendar/calendar_data.php
trunk/squirrelmail/plugins/calendar/day.php
trunk/squirrelmail/plugins/calendar/event_create.php
trunk/squirrelmail/plugins/calendar/event_delete.php
trunk/squirrelmail/plugins/calendar/event_edit.php
trunk/squirrelmail/plugins/change_password/backend/ldap.php
trunk/squirrelmail/plugins/change_password/backend/peardb.php
trunk/squirrelmail/plugins/change_password/options.php
trunk/squirrelmail/plugins/filters/options.php
trunk/squirrelmail/plugins/filters/spamoptions.php
trunk/squirrelmail/plugins/fortune/functions.php
trunk/squirrelmail/plugins/info/functions.php
trunk/squirrelmail/plugins/info/options.php
trunk/squirrelmail/plugins/listcommands/mailout.php
trunk/squirrelmail/plugins/listcommands/templates/default/mailout.tpl
trunk/squirrelmail/plugins/mail_fetch/fetch.php
trunk/squirrelmail/plugins/mail_fetch/functions.php
trunk/squirrelmail/plugins/mail_fetch/options.php
trunk/squirrelmail/plugins/message_details/message_details_bottom.php
trunk/squirrelmail/plugins/newmail/functions.php
trunk/squirrelmail/plugins/newmail/newmail_opt.php
trunk/squirrelmail/plugins/spamcop/options.php
trunk/squirrelmail/plugins/spamcop/spamcop.php
trunk/squirrelmail/plugins/squirrelspell/modules/check_me.mod
trunk/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod
trunk/squirrelmail/plugins/squirrelspell/modules/forget_me.mod
trunk/squirrelmail/plugins/squirrelspell/modules/lang_change.mod
trunk/squirrelmail/plugins/squirrelspell/sqspell_functions.php
trunk/squirrelmail/plugins/translate/functions.php
trunk/squirrelmail/src/addrbook_search.php
trunk/squirrelmail/src/addrbook_search_html.php
trunk/squirrelmail/src/addressbook.php
trunk/squirrelmail/src/compose.php
trunk/squirrelmail/src/configtest.php
trunk/squirrelmail/src/folders.php
trunk/squirrelmail/src/login.php
trunk/squirrelmail/src/options_highlight.php
trunk/squirrelmail/src/options_identities.php
trunk/squirrelmail/src/options_order.php
trunk/squirrelmail/src/read_body.php
trunk/squirrelmail/src/right_main.php
trunk/squirrelmail/src/search.php
trunk/squirrelmail/src/vcard.php
trunk/squirrelmail/src/view_header.php
trunk/squirrelmail/templates/default/addrbook_addedit.tpl
trunk/squirrelmail/templates/default/addressbook_search_form.tpl
trunk/squirrelmail/templates/default/input.tpl
trunk/squirrelmail/templates/default/options_order.tpl
trunk/squirrelmail/templates/default_advanced/options_order.tpl
trunk/squirrelmail/templates/util_addressbook.php
trunk/squirrelmail/templates/util_read.php
Modified: trunk/squirrelmail/class/mime/Rfc822Header.class.php
===================================================================
--- trunk/squirrelmail/class/mime/Rfc822Header.class.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/class/mime/Rfc822Header.class.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -736,7 +736,7 @@
$value = substr($value,strlen($charset)+1);
/* FIXME: What's the status of charset decode with language information ????
* Maybe language information contains only ascii text and charset_decode()
- * only runs htmlspecialchars() on it. If it contains 8bit information, you
+ * only runs sm_encode_html_special_chars() on it. If it contains 8bit information, you
* get html encoded text in charset used by selected translation.
*/
$value = charset_decode($charset,$value);
Modified: trunk/squirrelmail/class/template/PHP_Template.class.php
===================================================================
--- trunk/squirrelmail/class/template/PHP_Template.class.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/class/template/PHP_Template.class.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -65,7 +65,7 @@
* @param mixed $value the value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function assign($tpl_var, $value = NULL) {
@@ -93,7 +93,7 @@
* @param mixed $value the referenced value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function assign_by_ref($tpl_var, &$value) {
@@ -159,7 +159,7 @@
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function append($tpl_var, $value = NULL, $merge = FALSE)
@@ -220,7 +220,7 @@
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function append_by_ref($tpl_var, &$value, $merge = FALSE)
Modified: trunk/squirrelmail/class/template/Smarty_Template.class.php
===================================================================
--- trunk/squirrelmail/class/template/Smarty_Template.class.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/class/template/Smarty_Template.class.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -84,7 +84,7 @@
* @param mixed $value the value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function assign($tpl_var, $value = NULL) {
@@ -100,7 +100,7 @@
* @param mixed $value the referenced value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function assign_by_ref($tpl_var, &$value) {
@@ -152,7 +152,7 @@
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function append($tpl_var, $value = NULL, $merge = FALSE) {
@@ -175,7 +175,7 @@
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function append_by_ref($tpl_var, &$value, $merge = FALSE) {
Modified: trunk/squirrelmail/class/template/Template.class.php
===================================================================
--- trunk/squirrelmail/class/template/Template.class.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/class/template/Template.class.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -1480,7 +1480,7 @@
if (empty($template)) {
- trigger_error('The template "' . htmlspecialchars($file)
+ trigger_error('The template "' . sm_encode_html_special_chars($file)
. '" could not be fetched!', E_USER_ERROR);
} else {
Modified: trunk/squirrelmail/functions/addressbook.php
===================================================================
--- trunk/squirrelmail/functions/addressbook.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/addressbook.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -162,7 +162,7 @@
* display address book init errors.
*/
if ($abook_init_error!='' && $showerr) {
- error_box(nl2br(htmlspecialchars($abook_init_error)));
+ error_box(nl2br(sm_encode_html_special_chars($abook_init_error)));
}
/* Return the initialized object */
@@ -414,7 +414,7 @@
*
* Extra field can be used to add link to form, which allows
* to modify all fields supported by backend. This is the only field
- * that is not sanitized with htmlspecialchars. Backends MUST make
+ * that is not sanitized with sm_encode_html_special_chars. Backends MUST make
* sure that field data is sanitized and displayed correctly inside
* table cell. Use of html formating in other address book fields is
* not allowed. Backends that don't return 'extra' row in address book
Modified: trunk/squirrelmail/functions/attachment_common.php
===================================================================
--- trunk/squirrelmail/functions/attachment_common.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/attachment_common.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -147,7 +147,7 @@
$Args[0]['attachment_common']['href'] = Where it links to */
sqgetGlobalVar('QUERY_STRING', $QUERY_STRING, SQ_SERVER);
- // if htmlspecialchars() breaks something - find other way to encode & in url.
+ // if sm_encode_html_special_chars() breaks something - find other way to encode & in url.
$Args[0]['attachment_common']['href'] = $base_uri . 'src/view_text.php?'. $QUERY_STRING;
$Args[0]['attachment_common']['href'] =
set_url_var($Args[0]['attachment_common']['href'],
Modified: trunk/squirrelmail/functions/display_messages.php
===================================================================
--- trunk/squirrelmail/functions/display_messages.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/display_messages.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -28,7 +28,7 @@
$link = array (
'URL' => sqm_baseuri()."src/right_main.php?sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox",
'TEXT' => sprintf (_("Click here to return to %s"),
- strtoupper($mailbox) == 'INBOX' ? _("INBOX") : htmlspecialchars(imap_utf7_decode_local($mailbox)))
+ strtoupper($mailbox) == 'INBOX' ? _("INBOX") : sm_encode_html_special_chars(imap_utf7_decode_local($mailbox)))
);
error_box($message, $link);
}
Modified: trunk/squirrelmail/functions/folder_manip.php
===================================================================
--- trunk/squirrelmail/functions/folder_manip.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/folder_manip.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -124,9 +124,9 @@
sqimap_logout($imapConnection);
$oTemplate->assign('dialog_type', 'rename');
- $oTemplate->assign('parent_folder', htmlspecialchars($old_parent));
- $oTemplate->assign('current_full_name', htmlspecialchars($old));
- $oTemplate->assign('current_folder_name', htmlspecialchars($old_name));
+ $oTemplate->assign('parent_folder', sm_encode_html_special_chars($old_parent));
+ $oTemplate->assign('current_full_name', sm_encode_html_special_chars($old));
+ $oTemplate->assign('current_folder_name', sm_encode_html_special_chars($old_name));
$oTemplate->assign('is_folder', $isfolder);
$oTemplate->display('folder_manip_dialog.tpl');
@@ -198,8 +198,8 @@
sqimap_logout($imapConnection);
$oTemplate->assign('dialog_type', 'delete');
- $oTemplate->assign('folder_name', htmlspecialchars($folder_name));
- $oTemplate->assign('visible_folder_name', htmlspecialchars($visible_folder_name));
+ $oTemplate->assign('folder_name', sm_encode_html_special_chars($folder_name));
+ $oTemplate->assign('visible_folder_name', sm_encode_html_special_chars($visible_folder_name));
$oTemplate->display('folder_manip_dialog.tpl');
$oTemplate->display('footer.tpl');
Modified: trunk/squirrelmail/functions/forms.php
===================================================================
--- trunk/squirrelmail/functions/forms.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/forms.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -4,7 +4,7 @@
* forms.php - html form functions
*
* Functions to build forms in a safe and consistent manner.
- * All attribute values are sanitized with htmlspecialchars().
+ * All attribute values are sanitized with sm_encode_html_special_chars().
//FIXME: I think the Template class might be better place to sanitize inside assign() method
*
* Currently functions don't provide simple wrappers for file and
@@ -65,7 +65,7 @@
global $oTemplate;
$oTemplate->assign('type', $sType);
-//FIXME: all the values in the $aAttribs list used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value);
+//FIXME: all the values in the $aAttribs list used to go thru sm_encode_html_special_chars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = sm_encode_html_special_chars($value);
$oTemplate->assign('aAttribs', $aAttribs);
return $oTemplate->fetch('input.tpl');
@@ -187,7 +187,7 @@
if (!$bMultiple && count($aValues) == 1) {
$k = key($aValues); $v = array_pop($aValues);
return addHidden($sName, ($bUsekeys ? $k : $v), $aAttribs)
- . htmlspecialchars($v);
+ . sm_encode_html_special_chars($v);
}
if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName;
@@ -201,7 +201,7 @@
global $oTemplate;
-//FIXME: all the values in the $aAttribs list and $sName and both the keys and values in $aValues used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = htmlspecialchars($sName); $aNewValues = array(); foreach ($aValues as $key => $value) $aNewValues[htmlspecialchars($key)] = htmlspecialchars($value); $aValues = $aNewValues; And probably this too because it has to be matched to a value that has already been sanitized: $default = htmlspecialchars($default); (oops, watch out for when $default is an array! (multiple select lists))
+//FIXME: all the values in the $aAttribs list and $sName and both the keys and values in $aValues used to go thru sm_encode_html_special_chars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = sm_encode_html_special_chars($value); $sName = sm_encode_html_special_chars($sName); $aNewValues = array(); foreach ($aValues as $key => $value) $aNewValues[sm_encode_html_special_chars($key)] = sm_encode_html_special_chars($value); $aValues = $aNewValues; And probably this too because it has to be matched to a value that has already been sanitized: $default = sm_encode_html_special_chars($default); (oops, watch out for when $default is an array! (multiple select lists))
$oTemplate->assign('aAttribs', $aAttribs);
$oTemplate->assign('aValues', $aValues);
$oTemplate->assign('bUsekeys', $bUsekeys);
@@ -300,7 +300,7 @@
global $oTemplate;
-//FIXME: all the values in the $aAttribs list as well as $sName and $sText used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = htmlspecialchars($sName); $sText = htmlspecialchars($sText);
+//FIXME: all the values in the $aAttribs list as well as $sName and $sText used to go thru sm_encode_html_special_chars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = sm_encode_html_special_chars($value); $sName = sm_encode_html_special_chars($sName); $sText = sm_encode_html_special_chars($sText);
$oTemplate->assign('aAttribs', $aAttribs);
$oTemplate->assign('name', $sName);
$oTemplate->assign('text', $sText);
@@ -336,7 +336,7 @@
global $oTemplate;
-//FIXME: all the values in the $aAttribs list as well as $charset used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sCharset = htmlspecialchars($sCharset);
+//FIXME: all the values in the $aAttribs list as well as $charset used to go thru sm_encode_html_special_chars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = sm_encode_html_special_chars($value); $sCharset = sm_encode_html_special_chars($sCharset);
$oTemplate->assign('aAttribs', $aAttribs);
$oTemplate->assign('name', $sName);
$oTemplate->assign('method', $sMethod);
Modified: trunk/squirrelmail/functions/global.php
===================================================================
--- trunk/squirrelmail/functions/global.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/global.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -764,8 +764,8 @@
/**
- * Sanitize a value using htmlspecialchars() or similar, but also
- * recursively run htmlspecialchars() (or similar) on array keys
+ * Sanitize a value using sm_encode_html_special_chars() or similar, but also
+ * recursively run sm_encode_html_special_chars() (or similar) on array keys
* and values.
*
* If $value is not a string or an array with strings in it,
@@ -811,7 +811,7 @@
if ($quote_style === TRUE)
return str_replace(array('\'', '"'), array(''', '"'), $value);
else
- return htmlspecialchars($value, $quote_style);
+ return sm_encode_html_special_chars($value, $quote_style);
}
// anything else gets returned with no changes
Modified: trunk/squirrelmail/functions/imap_general.php
===================================================================
--- trunk/squirrelmail/functions/imap_general.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/imap_general.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -349,7 +349,7 @@
'sqimap_run_command or sqimap_run_command_list instead<br /><br />'.
'The following query was issued:<br />'.
//FIXME: NO HTML IN CORE!
- htmlspecialchars($query) . '<br />' . "</font><br />\n";
+ sm_encode_html_special_chars($query) . '<br />' . "</font><br />\n";
error_box($string);
$oTemplate->display('footer.tpl');
exit;
@@ -376,11 +376,11 @@
$cmd= strtolower($cmd[0]);
if ($query != '' && $cmd != 'login')
- $string .= _("Query:") . ' ' . htmlspecialchars($query) . '<br />';
+ $string .= _("Query:") . ' ' . sm_encode_html_special_chars($query) . '<br />';
if ($message_title != '')
$string .= $message_title;
if ($message != '')
- $string .= htmlspecialchars($message);
+ $string .= sm_encode_html_special_chars($message);
//FIXME: NO HTML IN CORE!
$string .= "</font><br />\n";
if ($link != '')
@@ -941,7 +941,7 @@
//FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here
if ($response != 'NO') {
/* "BAD" and anything else gets reported here. */
- $message = htmlspecialchars($message);
+ $message = sm_encode_html_special_chars($message);
set_up_language($squirrelmail_language, true);
if ($response == 'BAD') {
if ($hide == 3) return sprintf(_("Bad request: %s"), $message);
@@ -953,7 +953,7 @@
if (isset($read) && is_array($read)) {
$string .= '<br />' . _("Read data:") . "<br />\n";
foreach ($read as $line) {
- $string .= htmlspecialchars($line) . "<br />\n";
+ $string .= sm_encode_html_special_chars($line) . "<br />\n";
}
}
error_box($string);
Modified: trunk/squirrelmail/functions/imap_mailbox.php
===================================================================
--- trunk/squirrelmail/functions/imap_mailbox.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/imap_mailbox.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -432,7 +432,7 @@
*/
if (strstr($mailbox, '../') || substr($mailbox, 0, 1) == '/') {
global $oTemplate;
- error_box(sprintf(_("Invalid mailbox name: %s"),htmlspecialchars($mailbox)));
+ error_box(sprintf(_("Invalid mailbox name: %s"),sm_encode_html_special_chars($mailbox)));
sqimap_logout($imap_stream);
$oTemplate->display('footer.tpl');
die();
@@ -784,7 +784,7 @@
// i18n: Name of Drafts folder
$box2 = $pad . _("Drafts");
} else {
- $box2 = str_replace('&nbsp;&nbsp;', '. ', htmlspecialchars($boxes_part['formatted']));
+ $box2 = str_replace('&nbsp;&nbsp;', '. ', sm_encode_html_special_chars($boxes_part['formatted']));
}
break;
case SMPREF_MAILBOX_SELECT_INDENTED:
@@ -798,16 +798,16 @@
$pad = str_pad('',12 * (count(explode($delimiter,$boxes_part['unformatted-dm']))-1),' ');
$box2 = $pad . _("Drafts");
} else {
- $box2 = str_replace('&nbsp;&nbsp;', ' ', htmlspecialchars($boxes_part['formatted']));
+ $box2 = str_replace('&nbsp;&nbsp;', ' ', sm_encode_html_special_chars($boxes_part['formatted']));
}
break;
default: /* default, long names, style = 0 */
- $box2 = str_replace(' ', ' ', htmlspecialchars(imap_utf7_decode_local($boxes_part['unformatted-disp'])));
+ $box2 = str_replace(' ', ' ', sm_encode_html_special_chars(imap_utf7_decode_local($boxes_part['unformatted-disp'])));
break;
}
}
- $a[htmlspecialchars($box)] = $box2;
+ $a[sm_encode_html_special_chars($box)] = $box2;
}
}
@@ -843,12 +843,12 @@
$str = '';
foreach ($boxes as $value=>$option) {
- $lowerbox = strtolower(htmlspecialchars($value));
+ $lowerbox = strtolower(sm_encode_html_special_chars($value));
$sel = false;
if ($show_selected != 0) {
reset($show_selected);
while (!$sel && (list($x, $val) = each($show_selected))) {
- if (strtolower($value) == strtolower(htmlspecialchars($val))) {
+ if (strtolower($value) == strtolower(sm_encode_html_special_chars($val))) {
$sel = true;
}
}
Modified: trunk/squirrelmail/functions/imap_messages.php
===================================================================
--- trunk/squirrelmail/functions/imap_messages.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/imap_messages.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -622,7 +622,7 @@
$aMsg['ID'] = $id;
$fetch = substr($read,$i_space+1,5);
if (!is_numeric($id) && $fetch !== 'FETCH') {
- $aMsg['ERROR'] = $read; // htmlspecialchars should be done just before display. this is backend code
+ $aMsg['ERROR'] = $read; // sm_encode_html_special_chars should be done just before display. this is backend code
break;
}
$i = strpos($read,'(',$i_space+5);
Modified: trunk/squirrelmail/functions/mailbox_display.php
===================================================================
--- trunk/squirrelmail/functions/mailbox_display.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/mailbox_display.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -554,11 +554,11 @@
$sMailbox = (isset($aAddr[SQM_ADDR_MAILBOX])) ? $aAddr[SQM_ADDR_MAILBOX] : '';
$sHost = (isset($aAddr[SQM_ADDR_HOST])) ? $aAddr[SQM_ADDR_HOST] : '';
if ($sPersonal) {
- $title .= htmlspecialchars($sMailbox.'@'.$sHost).', ';
+ $title .= sm_encode_html_special_chars($sMailbox.'@'.$sHost).', ';
} else {
// if $value gets truncated we need to add the addresses with no
// personal name as well
- $title_maybe .= htmlspecialchars($sMailbox.'@'.$sHost).', ';
+ $title_maybe .= sm_encode_html_special_chars($sMailbox.'@'.$sHost).', ';
}
}
if ($title) {
Modified: trunk/squirrelmail/functions/mime.php
===================================================================
--- trunk/squirrelmail/functions/mime.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/mime.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -63,7 +63,7 @@
displayPageHeader( $color, $mailbox );
$errormessage = _("SquirrelMail could not decode the bodystructure of the message");
$errormessage .= '<br />'._("The bodystructure provided by your IMAP server:").'<br /><br />';
- $errormessage .= '<pre>' . htmlspecialchars($read) . '</pre>';
+ $errormessage .= '<pre>' . sm_encode_html_special_chars($read) . '</pre>';
plain_error_message( $errormessage );
echo '</body></html>';
exit;
@@ -632,7 +632,7 @@
$this_attachment['DownloadHREF'] = $links['download link']['href'];
$this_attachment['ViewHREF'] = isset($links['attachment_common']) ? $links['attachment_common']['href'] : '';
$this_attachment['Size'] = $header->size;
- $this_attachment['ContentType'] = htmlspecialchars($type0 .'/'. $type1);
+ $this_attachment['ContentType'] = sm_encode_html_special_chars($type0 .'/'. $type1);
$this_attachment['OtherLinks'] = array();
foreach ($links as $val) {
if ($val['text']==_("Download") || $val['text'] == _("View"))
@@ -831,7 +831,7 @@
$iLastMatch = $i;
$j = $i;
if ($htmlsafe) {
- $ret .= htmlspecialchars($res[1]);
+ $ret .= sm_encode_html_special_chars($res[1]);
} else {
$ret .= $res[1];
}
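Review bot: With `$htmlsafe` set, `$res[1]` is header text taken from the message, and the wrapper now encodes it as `$default_charset`, which may not be the charset those bytes are actually in. Under a multibyte charset such as UTF-8, htmlspecialchars() returns an empty string when the input holds an invalid byte sequence, so a header with stray 8-bit bytes would presumably be displayed as blank rather than escaped. The same applies to the `$replace` and `$chunk` calls in the hunks at -860, -881 and -901. Consider passing `ENT_SUBSTITUTE` where the running PHP defines it, or checking for an empty result on non-empty input. The enclosing function starts and ends outside these hunks, so how `$res[1]` is produced is not visible here.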
@@ -860,7 +860,7 @@
}
} else {
if ($htmlsafe) {
- $replace = htmlspecialchars($replace);
+ $replace = sm_encode_html_special_chars($replace);
}
$ret.= $replace;
}
@@ -881,7 +881,7 @@
}
} else {
if ($htmlsafe) {
- $replace = htmlspecialchars($replace);
+ $replace = sm_encode_html_special_chars($replace);
}
}
$ret .= $replace;
@@ -901,7 +901,7 @@
}
if (!$encoded && $htmlsafe) {
- $ret .= htmlspecialchars($chunk);
+ $ret .= sm_encode_html_special_chars($chunk);
} else {
$ret .= $chunk;
}
Modified: trunk/squirrelmail/functions/options.php
===================================================================
--- trunk/squirrelmail/functions/options.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/options.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -475,9 +475,9 @@
//TODO: might be better to have a separate template file for all widgets, because then the layout of the widget and the "trailing text" can be customized - they are still hard coded here
if ($password)
- return addPwField('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text);
+ return addPwField('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . sm_encode_html_special_chars($this->trailing_text);
else
- return addInput('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text);
+ return addInput('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . sm_encode_html_special_chars($this->trailing_text);
}
/**
@@ -547,7 +547,7 @@
$height = 5;
}
- return addSelect('new_' . $this->name, $this->possible_values, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height, !$this->htmlencoded) . htmlspecialchars($this->trailing_text);
+ return addSelect('new_' . $this->name, $this->possible_values, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height, !$this->htmlencoded) . sm_encode_html_special_chars($this->trailing_text);
}
@@ -605,7 +605,7 @@
$option_list = array('ignore' => _("unavailable"));
- return addSelect('new_' . $this->name, $option_list, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height) . htmlspecialchars($this->trailing_text);
+ return addSelect('new_' . $this->name, $option_list, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height) . sm_encode_html_special_chars($this->trailing_text);
}
@@ -792,7 +792,7 @@
*/
function createWidget_Submit() {
- return addSubmit($this->comment, $this->name, $this->aExtraAttribs) . htmlspecialchars($this->trailing_text);
+ return addSubmit($this->comment, $this->name, $this->aExtraAttribs) . sm_encode_html_special_chars($this->trailing_text);
}
Modified: trunk/squirrelmail/functions/page_header.php
===================================================================
--- trunk/squirrelmail/functions/page_header.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/page_header.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -284,7 +284,7 @@
* this explains the imap_mailbox.php dependency. We should instead store
* the selected mailbox in the session and fallback to the session var.
*/
- $shortBoxName = htmlspecialchars(imap_utf7_decode_local(
+ $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local(
readShortMailboxName($mailbox, $delimiter)));
if (getPref($data_dir, $username, 'translate_special_folders')) {
global $sent_folder, $trash_folder, $draft_folder;
Modified: trunk/squirrelmail/functions/strings.php
===================================================================
--- trunk/squirrelmail/functions/strings.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/functions/strings.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -1674,3 +1674,38 @@
}
+/**
+ * Wrapper for PHP's htmlspecialchars() that
+ * attempts to add the correct character encoding
+ *
+ * @param string $string The string to be converted
+ * @param int $flags A bitmask that controls the behavior of htmlspecialchars()
+ * (See http://php.net/manual/function.htmlspecialchars.php )
+ * (OPTIONAL; default ENT_COMPAT)
+ * @param string $encoding The character encoding to use in the conversion
+ * (OPTIONAL; default automatic detection)
+ * @param boolean $double_encode Whether or not to convert entities that are
+ * already in the string (only supported in
+ * PHP 5.2.3+) (OPTIONAL; default TRUE)
+ *
+ * @return string The converted text
+ *
+ */
+function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
+ $encoding=NULL, $double_encode=TRUE)
+{
+ if (!$encoding)
+ {
+ global $default_charset;
+ if ($default_charset == 'iso-2022-jp')
+ $default_charset = 'EUC-JP';
+ $encoding = $default_charset;
+ }
+
+// TODO: Is adding this check an unnecessary performance hit?
+ if (check_php_version(5, 2, 3))
+ return htmlspecialchars($string, $flags, $encoding, $double_encode);
+
+ return htmlspecialchars($string, $flags, $encoding);
+}
+
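Review bot: In `sm_encode_html_special_chars()`, the `iso-2022-jp` branch assigns `'EUC-JP'` to the global `$default_charset` itself, so the first call changes the charset that every later reader of that global sees for the rest of the request. Keeping the substitution local avoids the side effect: `$encoding = ($default_charset == 'iso-2022-jp') ? 'EUC-JP' : $default_charset;`. The docblock says the default is "automatic detection" and the log message says ISO-8859-1, but the code passes whatever `$default_charset` holds, and the docblock should say so. It should also note that a value htmlspecialchars() does not recognise makes PHP fall back to its own default charset with a warning. The comparison is case-sensitive as well, so a configured `ISO-2022-JP` would not be mapped.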
Modified: trunk/squirrelmail/include/init.php
===================================================================
--- trunk/squirrelmail/include/init.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/include/init.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -274,20 +274,20 @@
* or
* contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
* because it doesn't bother with broken tags.
- * htmlspecialchars() is the preferred method.
+ * sm_encode_html_special_chars() is the preferred method.
* QUERY_STRING also needs the same treatment since it is
* used in php_self().
* Update again: the encoding of ampersands that occurs
- * using htmlspecialchars() corrupts the query strings
+ * using sm_encode_html_special_chars() corrupts the query strings
* in normal URIs, so we have to let those through.
FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
*/
if (isset($_SERVER['REQUEST_URI']))
- $_SERVER['REQUEST_URI'] = str_replace('&', '&', htmlspecialchars($_SERVER['REQUEST_URI']));
+ $_SERVER['REQUEST_URI'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['REQUEST_URI']));
if (isset($_SERVER['PHP_SELF']))
- $_SERVER['PHP_SELF'] = str_replace('&', '&', htmlspecialchars($_SERVER['PHP_SELF']));
+ $_SERVER['PHP_SELF'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['PHP_SELF']));
if (isset($_SERVER['QUERY_STRING']))
- $_SERVER['QUERY_STRING'] = str_replace('&', '&', htmlspecialchars($_SERVER['QUERY_STRING']));
+ $_SERVER['QUERY_STRING'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['QUERY_STRING']));
$PHP_SELF = php_self();
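Review bot: The three `$_SERVER` sanitising calls now depend on the global `$default_charset` and on `check_php_version()`, because the wrapper reads both when no encoding is passed, and the hunk does not show whether the configuration and functions/strings.php are already loaded at this point in init.php. If `$default_charset` is still unset here, the wrapper hands an empty encoding to htmlspecialchars() and PHP's own default applies, which is the situation the commit is trying to remove. Passing the encoding explicitly would make these calls independent of load order, e.g. `sm_encode_html_special_chars($_SERVER['PHP_SELF'], ENT_COMPAT, 'ISO-8859-1')`. The existing FIXME about restoring ampersands is untouched by this change and still needs an answer.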
Modified: trunk/squirrelmail/include/languages.php
===================================================================
--- trunk/squirrelmail/include/languages.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/include/languages.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -193,7 +193,7 @@
* @param string $string Text to be decoded
* @param boolean $force_decode converts string to html without $charset!=$default_charset check.
* Argument is available since 1.4.5 and 1.5.1.
- * @param boolean $save_html disables htmlspecialchars() in order to preserve
+ * @param boolean $save_html disables sm_encode_html_special_chars() in order to preserve
* html formating. Use with care. Available since 1.4.6 and 1.5.1
* @return string decoded string
*/
@@ -218,7 +218,7 @@
// Don't do conversion if charset is the same.
if ( ! $force_decode && $charset == strtolower($default_charset) )
- return ($save_html ? $string : htmlspecialchars($string));
+ return ($save_html ? $string : sm_encode_html_special_chars($string));
// catch iso-8859-8-i thing
if ( $charset == "iso-8859-8-i" )
@@ -234,10 +234,10 @@
// other charsets can be converted to utf-8 without loss.
// and output string is smaller
$string = recode_string($charset . "..utf-8",$string);
- return ($save_html ? $string : htmlspecialchars($string));
+ return ($save_html ? $string : sm_encode_html_special_chars($string));
} else {
$string = recode_string($charset . "..html",$string);
- // recode does not convert single quote, htmlspecialchars does.
+ // recode does not convert single quote, sm_encode_html_special_chars does.
$string = str_replace("'", ''', $string);
// undo html specialchars
if ($save_html)
@@ -250,13 +250,13 @@
// iconv functions does not have html target and can be used only with utf-8
if ( $use_php_iconv && $default_charset=='utf-8') {
$string = iconv($charset,$default_charset,$string);
- return ($save_html ? $string : htmlspecialchars($string));
+ return ($save_html ? $string : sm_encode_html_special_chars($string));
}
// If we don't use recode and iconv, we'll do it old way.
/* All HTML special characters are 7 bit and can be replaced first */
- if (! $save_html) $string = htmlspecialchars ($string);
+ if (! $save_html) $string = sm_encode_html_special_chars ($string);
/* controls cpu and memory intensive decoding cycles */
if (! isset($aggressive_decoding) || $aggressive_decoding=="" ) {
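Review bot: At `if (! $save_html) $string = sm_encode_html_special_chars ($string);` the string has not been converted yet and is still in `$charset`, but the wrapper encodes with `$default_charset` when no encoding is given. On PHP >= 5.4 htmlspecialchars() returns an empty string for input that is not valid in the selected encoding unless ENT_IGNORE or ENT_SUBSTITUTE is set, so 8-bit text in a single-byte charset could be blanked under a utf-8 default before the decoding step runs. Consider passing the source charset here, `sm_encode_html_special_chars($string, ENT_COMPAT, $charset)`, provided `$charset` is a name htmlspecialchars() accepts, or a single-byte encoding as the comment about 7-bit specials suggests. The enclosing function starts and ends outside the hunk.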
@@ -279,7 +279,7 @@
* @since 1.4.4 and 1.5.1
* @param string $string
* @param string $charset
- * @param boolean $htmlencode keep htmlspecialchars encoding
+ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding
* @return string
*/
function charset_encode($string,$charset,$htmlencode=true) {
@@ -323,7 +323,7 @@
* @param string $in_charset initial charset
* @param string $string string that has to be converted
* @param string $out_charset final charset
- * @param boolean $htmlencode keep htmlspecialchars encoding
+ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding
* @return string converted string
*/
function charset_convert($in_charset,$string,$out_charset,$htmlencode=true) {
Modified: trunk/squirrelmail/include/options/display.php
===================================================================
--- trunk/squirrelmail/include/options/display.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/include/options/display.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -82,14 +82,14 @@
$template_themes = $oTemplate->get_alternative_stylesheets(true);
asort($template_themes);
foreach ($template_themes as $sheet=>$name) {
- $theme_values[$sheet] = 'Template Theme - '.htmlspecialchars($name);
+ $theme_values[$sheet] = 'Template Theme - '.sm_encode_html_special_chars($name);
}
// Next, list user-provided styles
asort($user_themes);
foreach ($user_themes as $style) {
if ($style['PATH'] == 'none')
continue;
- $theme_values[$style['PATH']] = 'User Theme - '.htmlspecialchars($style['NAME']);
+ $theme_values[$style['PATH']] = 'User Theme - '.sm_encode_html_special_chars($style['NAME']);
}
if (count($user_themes) + count($template_themes) > 1) {
Modified: trunk/squirrelmail/include/options/personal.php
===================================================================
--- trunk/squirrelmail/include/options/personal.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/include/options/personal.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -104,7 +104,7 @@
'caption' => _("E-mail Address"),
'type' => SMOPT_TYPE_COMMENT,
'refresh' => SMOPT_REFRESH_NONE,
- 'comment' => htmlspecialchars($email_address)
+ 'comment' => sm_encode_html_special_chars($email_address)
);
}
Modified: trunk/squirrelmail/plugins/administrator/options.php
===================================================================
--- trunk/squirrelmail/plugins/administrator/options.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/administrator/options.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -422,7 +422,7 @@
}
echo "<tr><td valign=\"top\">$name</td><td>"
."<textarea cols=\"$size\" rows=\"4\" name=\"adm_$n\">"
- .htmlspecialchars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
+ .sm_encode_html_special_chars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
."</textarea>";
if ( isset( $defcfg[$k]['comment'] ) ) {
echo ' ' . $defcfg[$k]['comment'];
@@ -440,7 +440,7 @@
}
echo "<tr><td>$name</td><td>"
."<input size=\"$size\" name=\"adm_$n\" value=\""
- .htmlspecialchars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
+ .sm_encode_html_special_chars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
.'" />';
if ( isset( $defcfg[$k]['comment'] ) ) {
echo ' ' . $defcfg[$k]['comment'];
Modified: trunk/squirrelmail/plugins/calendar/calendar.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/calendar.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/calendar/calendar.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -114,11 +114,11 @@
$calbar = $calendardata[$cdate][$calfoo['key']];
// FIXME: how to display multiline task
$title = '['. $calfoo['key']. '] ' .
- str_replace(array("\r","\n"),array(' ',' '),htmlspecialchars($calbar['message']));
+ str_replace(array("\r","\n"),array(' ',' '),sm_encode_html_special_chars($calbar['message']));
// FIXME: link to nowhere
echo "<a href=\"#\" style=\"text-decoration:none; color: "
.($calbar['priority']==1 ? $color[1] : $color[6])
- ."\" title=\"$title\">".htmlspecialchars($calbar['title'])."</a><br />\n";
+ ."\" title=\"$title\">".sm_encode_html_special_chars($calbar['title'])."</a><br />\n";
$i=$i+1;
if($i==2){
break;
Modified: trunk/squirrelmail/plugins/calendar/calendar_data.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/calendar_data.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/calendar/calendar_data.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -23,7 +23,7 @@
* Plugin stores multiline texts converted to single line with PHP nl2br().
* Function undoes nl2br() conversion and html encoding of ASCII vertical bar.
*
- * Older plugin versions sanitized data with htmlspecialchars. Since 1.5.1 calendar
+ * Older plugin versions sanitized data with sm_encode_html_special_chars. Since 1.5.1 calendar
* data is not sanitized. Output functions must make sure that data is correctly
* encoded and sanitized.
* @param string $string calendar string
Modified: trunk/squirrelmail/plugins/calendar/day.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/day.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/calendar/day.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -127,9 +127,9 @@
html_tag( 'td', date_intl(_("H:i"),mktime($ehour,$eminute,0,1,1,0)) . $elength, 'left' ) .
html_tag( 'td', '', 'left' ) . '[';
echo ($calbar['priority']==1) ?
- "<font color=\"$color[1]\">".htmlspecialchars($calbar['title']).'</font>' :
- htmlspecialchars($calbar['title']);
- echo'] <div style="margin-left:10px">'.nl2br(htmlspecialchars($calbar['message'])).'</div>' .
+ "<font color=\"$color[1]\">".sm_encode_html_special_chars($calbar['title']).'</font>' :
+ sm_encode_html_special_chars($calbar['title']);
+ echo'] <div style="margin-left:10px">'.nl2br(sm_encode_html_special_chars($calbar['message'])).'</div>' .
html_tag( 'td',
"<font size=\"-1\"><nobr>\n" .
"<a href=\"event_edit.php?year=$year&month=$month&day=$day&hour=".
Modified: trunk/squirrelmail/plugins/calendar/event_create.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/event_create.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/calendar/event_create.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -159,11 +159,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', htmlspecialchars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
+ html_tag( 'td', sm_encode_html_special_chars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
) .
html_tag( 'tr',
html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', nl2br(htmlspecialchars($event_text,ENT_NOQUOTES)), 'left', $color[4] ) . "\n"
+ html_tag( 'td', nl2br(sm_encode_html_special_chars($event_text,ENT_NOQUOTES)), 'left', $color[4] ) . "\n"
) .
html_tag( 'tr',
html_tag( 'td',
Modified: trunk/squirrelmail/plugins/calendar/event_delete.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/event_delete.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/calendar/event_delete.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -74,11 +74,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:"), 'right', $color[4] ) .
- html_tag( 'td', htmlspecialchars($tmparray['title']), 'left', $color[4] )
+ html_tag( 'td', sm_encode_html_special_chars($tmparray['title']), 'left', $color[4] )
) .
html_tag( 'tr',
html_tag( 'td', _("Message:"), 'right', $color[4] ) .
- html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])), 'left', $color[4] )
+ html_tag( 'td', nl2br(sm_encode_html_special_chars($tmparray['message'])), 'left', $color[4] )
) .
html_tag( 'tr',
html_tag( 'td',
Modified: trunk/squirrelmail/plugins/calendar/event_edit.php
===================================================================
--- trunk/squirrelmail/plugins/calendar/event_edit.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/calendar/event_edit.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -176,11 +176,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', htmlspecialchars($tmparray['title']) , 'left', $color[4] ) ."\n"
+ html_tag( 'td', sm_encode_html_special_chars($tmparray['title']) , 'left', $color[4] ) ."\n"
) .
html_tag( 'tr',
html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])) , 'left', $color[4] ) ."\n"
+ html_tag( 'td', nl2br(sm_encode_html_special_chars($tmparray['message'])) , 'left', $color[4] ) ."\n"
) .
html_tag( 'tr',
html_tag( 'th', _("to:") . "<br />\n", '', $color[4], 'colspan="2"' ) ."\n"
@@ -200,11 +200,11 @@
) .
html_tag( 'tr',
html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', htmlspecialchars($event_title) , 'left', $color[4] ) ."\n"
+ html_tag( 'td', sm_encode_html_special_chars($event_title) , 'left', $color[4] ) ."\n"
) .
html_tag( 'tr',
html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', nl2br(htmlspecialchars($event_text)) , 'left', $color[4] ) ."\n"
+ html_tag( 'td', nl2br(sm_encode_html_special_chars($event_text)) , 'left', $color[4] ) ."\n"
) .
html_tag( 'tr',
html_tag( 'td',
Modified: trunk/squirrelmail/plugins/change_password/backend/ldap.php
===================================================================
--- trunk/squirrelmail/plugins/change_password/backend/ldap.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/change_password/backend/ldap.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -646,7 +646,7 @@
break;
default:
array_push($msgs,sprintf(_("Unsupported crypto: %s"),
- (is_string($ldap_crypto) ? htmlspecialchars($ldap_crypto) : _("unknown"))));
+ (is_string($ldap_crypto) ? sm_encode_html_special_chars($ldap_crypto) : _("unknown"))));
}
return $ret;
}
Modified: trunk/squirrelmail/plugins/change_password/backend/peardb.php
===================================================================
--- trunk/squirrelmail/plugins/change_password/backend/peardb.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/change_password/backend/peardb.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -152,16 +152,16 @@
// connect to database and make sure that table exists
$cpw_db = DB::connect($cpw_peardb_dsn, $cpw_peardb_connect_opts);
if (PEAR::isError($cpw_db)) {
- array_push($msgs,sprintf(_("Connection error: %s"),htmlspecialchars($cpw_db->getMessage())));
+ array_push($msgs,sprintf(_("Connection error: %s"),sm_encode_html_special_chars($cpw_db->getMessage())));
if ($cpw_peardb_debug)
- array_push($msgs,htmlspecialchars($cpw_db->getuserinfo()));
+ array_push($msgs,sm_encode_html_special_chars($cpw_db->getuserinfo()));
return $msgs;
}
// get table information
$table_info = $cpw_db->tableinfo($cpw_peardb_table);
if (PEAR::isError($table_info)) {
- array_push($msgs,sprintf(_("Invalid table name: %s"),htmlspecialchars($cpw_peardb_table)));
+ array_push($msgs,sprintf(_("Invalid table name: %s"),sm_encode_html_special_chars($cpw_peardb_table)));
$cpw_db->disconnect();
return $msgs;
}
@@ -210,7 +210,7 @@
'');
$cpw_res=$cpw_db->query($query);
if (PEAR::isError($cpw_res)) {
- array_push($msgs,sprintf(_("Query failed: %s"),htmlspecialchars($cpw_res->getMessage())));
+ array_push($msgs,sprintf(_("Query failed: %s"),sm_encode_html_special_chars($cpw_res->getMessage())));
$cpw_db->disconnect();
return $msgs;
}
@@ -284,7 +284,7 @@
// check for update error
if (PEAR::isError($cpw_res)) {
- array_push($msgs,sprintf(_("Unable to set new password: %s"),htmlspecialchars($cpw_res->getMessage())));
+ array_push($msgs,sprintf(_("Unable to set new password: %s"),sm_encode_html_special_chars($cpw_res->getMessage())));
}
// close database connection
@@ -427,7 +427,7 @@
$ret = $password;
break;
default:
- array_push($msgs,sprintf(_("Unsupported crypto: %s"),htmlspecialchars($crypto)));
+ array_push($msgs,sprintf(_("Unsupported crypto: %s"),sm_encode_html_special_chars($crypto)));
}
return $ret;
}
Modified: trunk/squirrelmail/plugins/change_password/options.php
===================================================================
--- trunk/squirrelmail/plugins/change_password/options.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/change_password/options.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -81,7 +81,7 @@
if (isset($Messages) && count($Messages) > 0) {
echo "<tr><td>\n";
foreach ($Messages as $line) {
- echo htmlspecialchars($line) . "<br />\n";
+ echo sm_encode_html_special_chars($line) . "<br />\n";
}
echo "</td></tr>\n";
}
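Review bot: The loop encodes every `$Messages` line on output, while the change_password backends in this same commit already push strings through sm_encode_html_special_chars() before adding them to `$msgs`. If `$Messages` carries those backend arrays (not visible in this hunk), the text is encoded twice, because the wrapper's `$double_encode` defaults to TRUE, and users see literal entities. Encoding should happen in one place only; output-time encoding here is the safer choice, with the backends returning plain text.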
Modified: trunk/squirrelmail/plugins/filters/options.php
===================================================================
--- trunk/squirrelmail/plugins/filters/options.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/filters/options.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -180,7 +180,7 @@
html_tag( 'td', '', 'left' ) .
'<input type="text" size="32" name="filter_what" value="';
if (isset($filters[$theid]['what'])) {
- echo htmlspecialchars($filters[$theid]['what']);
+ echo sm_encode_html_special_chars($filters[$theid]['what']);
}
echo '" />'.
'</td>'.
@@ -243,7 +243,7 @@
printf( _("If %s contains %s then move to %s"),
'<b>'.$filters[$i]['where'].'</b>',
'<b>'.$filters[$i]['what'].'</b>',
- '<b>'.htmlspecialchars(imap_utf7_decode_local($fdr)).'</b>');
+ '<b>'.sm_encode_html_special_chars(imap_utf7_decode_local($fdr)).'</b>');
echo '</td></tr>';
}
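Review bot: In this printf() only the folder name is encoded; `$filters[$i]['where']` and `$filters[$i]['what']` are placed between `<b>` tags as they are. The first hunk of this file encodes the same `what` value for the input field, which suggests it is stored unencoded, so a filter string containing markup would be rendered as HTML in the list. Unless these values are encoded before this point (outside the hunk), use `'<b>'.sm_encode_html_special_chars($filters[$i]['what']).'</b>'` and the same for `where`.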
Modified: trunk/squirrelmail/plugins/filters/spamoptions.php
===================================================================
--- trunk/squirrelmail/plugins/filters/spamoptions.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/filters/spamoptions.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -175,7 +175,7 @@
echo html_tag( 'p', '', 'center' ) .
'[<a href="spamoptions.php?action=spam">' . _("Edit") . '</a>]' .
' - [<a href="../../src/options.php">' . _("Done") . '</a>]</div><br /><br />';
- printf( _("Spam is sent to %s."), ($filters_spam_folder?'<b>'.htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not set yet").'</i>]' ) );
+ printf( _("Spam is sent to %s."), ($filters_spam_folder?'<b>'.sm_encode_html_special_chars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not set yet").'</i>]' ) );
echo '<br />';
printf( _("Spam scan is limited to %s."), '<b>' . ( ($filters_spam_scan == 'new')?_("Unread messages only"):_("All messages") ) . '</b>' );
echo '</p>'.
Modified: trunk/squirrelmail/plugins/fortune/functions.php
===================================================================
--- trunk/squirrelmail/plugins/fortune/functions.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/fortune/functions.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -50,7 +50,7 @@
}
$oTemplate->assign('color', $color);
- $oTemplate->assign('fortune', htmlspecialchars($fortune));
+ $oTemplate->assign('fortune', sm_encode_html_special_chars($fortune));
$output = $oTemplate->fetch('plugins/fortune/mailbox_index_before.tpl');
return array('mailbox_index_before' => $output);
Modified: trunk/squirrelmail/plugins/info/functions.php
===================================================================
--- trunk/squirrelmail/plugins/info/functions.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/info/functions.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -37,7 +37,7 @@
* @access private
*/
function imap_test($imap_stream, $string) {
- print "<tr><td>".htmlspecialchars($string)."</td></tr>";
+ print "<tr><td>".sm_encode_html_special_chars($string)."</td></tr>";
$response = sqimap_run_command_list($imap_stream, trim($string),false, $responses, $message,false);
array_push($response, $responses . ' ' .$message);
return $response;
@@ -55,7 +55,7 @@
print_response($value);
}
else {
- print htmlspecialchars($value)."<br />\n";
+ print sm_encode_html_special_chars($value)."<br />\n";
}
}
}
Modified: trunk/squirrelmail/plugins/info/options.php
===================================================================
--- trunk/squirrelmail/plugins/info/options.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/info/options.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -75,7 +75,7 @@
"</b><br />\n";
foreach($caps_array[0] as $value) {
- echo htmlspecialchars($value);
+ echo sm_encode_html_special_chars($value);
}
echo "</td></tr><tr><td>\n";
@@ -92,8 +92,8 @@
}
}
else {
- echo 'folder_prefix = ' . htmlspecialchars($folder_prefix)."<br />\n" .
- 'default_charset = '.htmlspecialchars($default_charset)."\n";
+ echo 'folder_prefix = ' . sm_encode_html_special_chars($folder_prefix)."<br />\n" .
+ 'default_charset = '.sm_encode_html_special_chars($default_charset)."\n";
}
echo "<br /></td></tr></table><br />\n";
Modified: trunk/squirrelmail/plugins/listcommands/mailout.php
===================================================================
--- trunk/squirrelmail/plugins/listcommands/mailout.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/listcommands/mailout.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -40,13 +40,13 @@
$out_string = _("This will send a message to %s requesting that you will be unsubscribed from this list. It will try to unsubscribe the adress below.");
break;
default:
- error_box(sprintf(_("Unknown action: %s"),htmlspecialchars($action)));
+ error_box(sprintf(_("Unknown action: %s"),sm_encode_html_special_chars($action)));
// display footer (closes html tags) and stop script execution
$oTemplate->display('footer.tpl');
exit;
}
-$out_string = sprintf($out_string, '"' . htmlspecialchars($send_to) . '"');
+$out_string = sprintf($out_string, '"' . sm_encode_html_special_chars($send_to) . '"');
$idents = get_identities();
$fieldsdescr = listcommands_fieldsdescr();
$fielddescr = $fieldsdescr[$action];
Modified: trunk/squirrelmail/plugins/listcommands/templates/default/mailout.tpl
===================================================================
--- trunk/squirrelmail/plugins/listcommands/templates/default/mailout.tpl 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/listcommands/templates/default/mailout.tpl 2012-12-09 12:06:30 UTC (rev 14346)
@@ -42,7 +42,7 @@
foreach($idents as $nr=>$data) {
echo '<option value="' . $nr . '">' .
- htmlspecialchars(
+ sm_encode_html_special_chars(
$data['full_name'].' <'.
$data['email_address'] . '>') .
"</option>\n";
@@ -53,14 +53,14 @@
} else {
echo _("From:");
- echo htmlspecialchars($idents[0]['full_name'].' <'.$idents[0]['email_address'].'>');
+ echo sm_encode_html_special_chars($idents[0]['full_name'].' <'.$idents[0]['email_address'].'>');
}
?>
<br /><br />
-<input type="hidden" name="send_to" value="<?php echo htmlspecialchars($send_to); ?>" />
-<input type="hidden" name="subject" value="<?php echo htmlspecialchars($subject); ?>" />
-<input type="hidden" name="body" value="<?php echo htmlspecialchars($body); ?>" />
-<input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox); ?>" />
+<input type="hidden" name="send_to" value="<?php echo sm_encode_html_special_chars($send_to); ?>" />
+<input type="hidden" name="subject" value="<?php echo sm_encode_html_special_chars($subject); ?>" />
+<input type="hidden" name="body" value="<?php echo sm_encode_html_special_chars($body); ?>" />
+<input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox); ?>" />
<input type="submit" name="send1" value="<?php echo _("Send Mail"); ?>" />
<br />
</form>
Modified: trunk/squirrelmail/plugins/mail_fetch/fetch.php
===================================================================
--- trunk/squirrelmail/plugins/mail_fetch/fetch.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/mail_fetch/fetch.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -35,7 +35,7 @@
function Mail_Fetch_Status($msg) {
echo html_tag( 'table',
html_tag( 'tr',
- html_tag( 'td', htmlspecialchars( $msg ) , 'left' )
+ html_tag( 'td', sm_encode_html_special_chars( $msg ) , 'left' )
),
'', '', 'width="90%"' );
flush();
@@ -97,7 +97,7 @@
'<option value="all" selected="selected">..' . _("All") . "...\n";
for ($i = 0;$i < $mailfetch['server_number'];$i++) {
echo "<option value=\"$i\">" .
- htmlspecialchars($mailfetch[$i]['alias']) .
+ sm_encode_html_special_chars($mailfetch[$i]['alias']) .
'</option>' . "\n";
}
echo '</select>' .
@@ -109,7 +109,7 @@
if ($mailfetch[$i]['pass'] == '') {
echo html_tag( 'tr',
html_tag( 'td', _("Password for") . ' <b>' .
- htmlspecialchars($mailfetch[$i]['alias']) .
+ sm_encode_html_special_chars($mailfetch[$i]['alias']) .
'</b>: ',
'right' ) .
html_tag( 'td', '<input type="password" name="pass_' . $i . '" />', 'left' )
@@ -177,7 +177,7 @@
html_tag( 'tr',
html_tag( 'td', '<b>' .
sprintf(_("Fetching from %s"),
- htmlspecialchars($mailfetch[$i_loop]['alias'])) .
+ sm_encode_html_special_chars($mailfetch[$i_loop]['alias'])) .
'</b>',
'center' ) ,
'', $color[9] ) ,
@@ -209,13 +209,13 @@
/* log into pop server*/
if (! $pop3->login($mailfetch_user, $mailfetch_pass)) {
- Mail_Fetch_Status(_("Login Failed:") . ' ' . htmlspecialchars($pop3->error));
+ Mail_Fetch_Status(_("Login Failed:") . ' ' . sm_encode_html_special_chars($pop3->error));
continue;
}
$aMsgStat = $pop3->command_stat();
if (is_bool($aMsgStat)) {
- Mail_Fetch_Status(_("Can't get mailbox status:") . ' ' . htmlspecialchars($pop3->error) );
+ Mail_Fetch_Status(_("Can't get mailbox status:") . ' ' . sm_encode_html_special_chars($pop3->error) );
continue;
}
@@ -229,7 +229,7 @@
Mail_Fetch_Status(_("Fetching UIDL..."));
$msglist = $pop3->command_uidl();
if (is_bool($msglist)) {
- Mail_Fetch_Status(_("Server does not support UIDL.") . ' '.htmlspecialchars($pop3->error));
+ Mail_Fetch_Status(_("Server does not support UIDL.") . ' '.sm_encode_html_special_chars($pop3->error));
// User asked to leave messages on server, but we can't do that.
$pop3->command_quit();
continue;
@@ -284,7 +284,7 @@
$Message = $pop3->command_retr($i);
if (is_bool($Message)) {
- Mail_Fetch_Status(htmlspecialchars($pop3->error));
+ Mail_Fetch_Status(sm_encode_html_special_chars($pop3->error));
continue;
}
@@ -297,7 +297,7 @@
$response=(implode('',$response));
$message=(implode('',$message));
if ($response != 'OK') {
- Mail_Fetch_Status(_("Error Appending Message!")." ".htmlspecialchars($message) );
+ Mail_Fetch_Status(_("Error Appending Message!")." ".sm_encode_html_special_chars($message) );
Mail_Fetch_Status(_("Closing POP"));
$pop3->command_quit();
Mail_Fetch_Status(_("Logging out from IMAP"));
@@ -316,7 +316,7 @@
if( $pop3->command_dele($i) ) {
Mail_Fetch_Status(sprintf(_("Message %d deleted from remote server!"), $i));
} else {
- Mail_Fetch_Status(_("Delete failed:") . htmlspecialchars($pop3->error) );
+ Mail_Fetch_Status(_("Delete failed:") . sm_encode_html_special_chars($pop3->error) );
}
}
} else {
Modified: trunk/squirrelmail/plugins/mail_fetch/functions.php
===================================================================
--- trunk/squirrelmail/plugins/mail_fetch/functions.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/mail_fetch/functions.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -139,7 +139,7 @@
$aMsgStat = $pop3->command_stat();
if (is_bool($aMsgStat)) {
- $outMsg .= _("Can't get mailbox status:") . ' ' . htmlspecialchars($pop3->error);
+ $outMsg .= _("Can't get mailbox status:") . ' ' . sm_encode_html_special_chars($pop3->error);
continue;
}
@@ -152,7 +152,7 @@
if ($mailfetch_lmos == 'on') {
$msglist = $pop3->command_uidl();
if (is_bool($msglist)) {
- $outMsg .= _("Server does not support UIDL.") . ' '.htmlspecialchars($pop3->error);
+ $outMsg .= _("Server does not support UIDL.") . ' '.sm_encode_html_special_chars($pop3->error);
// User asked to leave messages on server, but we can't do that.
$pop3->command_quit();
continue;
@@ -191,7 +191,7 @@
$Message = $pop3->command_retr($i);
if (is_bool($Message)) {
- $outMsg .= _("Warning:") . ' ' . htmlspecialchars($pop3->error);
+ $outMsg .= _("Warning:") . ' ' . sm_encode_html_special_chars($pop3->error);
continue;
}
@@ -212,7 +212,7 @@
$response=(implode('',$response));
$message=(implode('',$message));
if ($response != 'OK') {
- $outMsg .= _("Error Appending Message!")." ".htmlspecialchars($message);
+ $outMsg .= _("Error Appending Message!")." ".sm_encode_html_special_chars($message);
if ($mailfetch_lmos == 'on') {
setPref($data_dir,$username,"mailfetch_uidl_$i_loop", $msglist[$i-1]);
Modified: trunk/squirrelmail/plugins/mail_fetch/options.php
===================================================================
--- trunk/squirrelmail/plugins/mail_fetch/options.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/mail_fetch/options.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -342,7 +342,7 @@
echo '<b>' . _("Server Name:") . '</b> <select name="mf_sn">';
for ($i=0;$i<$mailfetch_server_number;$i++) {
echo "<option value=\"$i\">" .
- htmlspecialchars( (($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . "</option>";
+ sm_encode_html_special_chars( (($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . "</option>";
}
echo '</select>'.
' <input type="submit" name="mf_action_mod" value="' . _("Modify") . '" />'.
@@ -368,7 +368,7 @@
html_tag( 'td',
"<input type=\"hidden\" name=\"mf_sn\" value=\"$mf_sn\" />" .
'<input type="hidden" name="mf_action" value="confirm_delete" />' .
- '<br />' . _("Selected Server:") . " <b>" . htmlspecialchars($mailfetch_server_[$mf_sn]) . "</b><br />" .
+ '<br />' . _("Selected Server:") . " <b>" . sm_encode_html_special_chars($mailfetch_server_[$mf_sn]) . "</b><br />" .
_("Confirm delete of selected server?") . '<br /><br />' .
'<input type="submit" name="submit_mailfetch" value="' . _("Confirm Delete") . '" />' .
'<br /></form>' ,
@@ -396,27 +396,27 @@
html_tag( 'tr',
html_tag( 'th', _("Server:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_server" value="' .
- htmlspecialchars($mailfetch_server_[$mf_sn]) . '" size="40" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_server_[$mf_sn]) . '" size="40" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Port:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_port" value="' .
- htmlspecialchars($mailfetch_port_[$mf_sn]) . '" size="40" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_port_[$mf_sn]) . '" size="40" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Alias:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_alias" value="' .
- htmlspecialchars($mailfetch_alias_[$mf_sn]) . '" size="40" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_alias_[$mf_sn]) . '" size="40" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Username:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_user" value="' .
- htmlspecialchars($mailfetch_user_[$mf_sn]) . '" size="20" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_user_[$mf_sn]) . '" size="20" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Password:"), 'right' ) .
html_tag( 'td', '<input type="password" name="mf_pass" value="' .
- htmlspecialchars($mailfetch_pass_[$mf_sn]) . '" size="20" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_pass_[$mf_sn]) . '" size="20" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Authentication type:"), 'right' ) .
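Review bot: The `mf_pass` field is pre-filled with the stored POP3 password, so the credential is written into the page source on every visit to the modify form; `type="password"` only masks it on screen. Encoding the value keeps the markup intact but does not change that exposure. Consider rendering the field empty and keeping the stored password when the submitted value is empty; that needs a matching change in the save handler, which is outside this hunk.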
Modified: trunk/squirrelmail/plugins/message_details/message_details_bottom.php
===================================================================
--- trunk/squirrelmail/plugins/message_details/message_details_bottom.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/message_details/message_details_bottom.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -260,7 +260,7 @@
$entities["$entStr"]['contenttype']=$reg[2].'/'.$reg[3];
}
} else if (!$nameset && preg_match("/^.*(name=\s*)\"(.*)\".*/i",$line,$reg)) {
- $name = htmlspecialchars($reg[2]);
+ $name = sm_encode_html_special_chars($reg[2]);
$content[$content_indx]['name'] = decodeHeader($name);
$nameset = true;
if (isset($entities["$entStr"])) {
@@ -285,7 +285,7 @@
if ($stripHTML) {
$message_body .= $line . "\r\n";
} else {
- $line = htmlspecialchars($line);
+ $line = sm_encode_html_special_chars($line);
if ($msgd_8bit_in_hex) $line = msgd_convert_to_hex($line);
$message_body .= "$pre"."$line"."$end"."\r\n";
}
Modified: trunk/squirrelmail/plugins/newmail/functions.php
===================================================================
--- trunk/squirrelmail/plugins/newmail/functions.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/newmail/functions.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -691,7 +691,7 @@
/**
* Converts media attributes to string
* Warning:
- * * attribute values are automatically sanitized by htmlspecialchars()
+ * * attribute values are automatically sanitized by sm_encode_html_special_chars()
* * This is internal function, use newmail_media_objects() instead
* @param array $args array with object attributes
* @return string string with object attributes
@@ -699,7 +699,7 @@
function newmail_media_prepare_args($args) {
$ret_args='';
foreach ($args as $arg => $value) {
- $ret_args.= $arg . '="' . htmlspecialchars($value) . '" ';
+ $ret_args.= $arg . '="' . sm_encode_html_special_chars($value) . '" ';
}
return $ret_args;
}
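Review bot: In `newmail_media_prepare_args()` only `$value` is encoded; the attribute name `$arg` is concatenated into the markup as-is. The docblock in the previous hunk promises sanitising for values only, so callers need to know the keys must be fixed literals. Either state that in the docblock, `* * attribute names are NOT sanitized; pass only hard-coded keys`, or encode the name as well: `$ret_args.= sm_encode_html_special_chars($arg) . '="' . sm_encode_html_special_chars($value) . '" ';`.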
Modified: trunk/squirrelmail/plugins/newmail/newmail_opt.php
===================================================================
--- trunk/squirrelmail/plugins/newmail/newmail_opt.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/newmail/newmail_opt.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -153,8 +153,8 @@
if ($entry == $newmail_media) {
echo 'selected="selected" ';
}
- echo 'value="' . htmlspecialchars($entry) . '">' .
- htmlspecialchars($entry) . "</option>\n";
+ echo 'value="' . sm_encode_html_special_chars($entry) . '">' .
+ sm_encode_html_special_chars($entry) . "</option>\n";
}
}
$d->close();
@@ -165,7 +165,7 @@
echo 'selected="selected" ';
}
echo 'value="mmedia_' . $newmail_mm_name . '">'
- .htmlspecialchars($newmail_mm_name) . "</option>\n";
+ .sm_encode_html_special_chars($newmail_mm_name) . "</option>\n";
}
if($newmail_uploadsounds) {
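Review bot: `$newmail_mm_name` is encoded for the option label but still printed raw inside the `value` attribute on the line above it. A name containing a double quote would end the attribute early, and the two outputs of the same variable should be handled the same way. Suggested change: `echo 'value="mmedia_' . sm_encode_html_special_chars($newmail_mm_name) . '">'`. The surrounding loop starts outside the hunk, so where the name comes from cannot be confirmed from here.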
@@ -205,7 +205,7 @@
// display currently uploaded file information
echo html_tag('tr')
. html_tag('td',_("Uploaded Media File:"),'right','','style="white-space: nowrap;"')
- . html_tag('td',($newmail_userfile_name!='' ? htmlspecialchars($newmail_userfile_name) : _("unavailable")))
+ . html_tag('td',($newmail_userfile_name!='' ? sm_encode_html_special_chars($newmail_userfile_name) : _("unavailable")))
."</tr>\n";
if ($newmail_userfile_name!='') {
@@ -218,8 +218,8 @@
echo html_tag( 'tr', "\n" .
html_tag( 'td', _("Current File:"), 'right', '', 'style="white-space: nowrap;"' ) .
html_tag( 'td', '<input type="hidden" value="' .
- htmlspecialchars($newmail_media) . '" name="media_default" />' .
- htmlspecialchars($media_output) . '', 'left' )
+ sm_encode_html_special_chars($newmail_media) . '" name="media_default" />' .
+ sm_encode_html_special_chars($media_output) . '', 'left' )
) . "\n";
}
echo html_tag( 'tr', "\n" .
Modified: trunk/squirrelmail/plugins/spamcop/options.php
===================================================================
--- trunk/squirrelmail/plugins/spamcop/options.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/spamcop/options.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -143,7 +143,7 @@
'<small>(' . _("see below") . ')</small>','right','','valign="top"');
?>
<td valign="top"><form method="post" action="options.php">
- <input type="text" size="30" name="ID" value="<?php echo htmlspecialchars($spamcop_id) ?>" />
+ <input type="text" size="30" name="ID" value="<?php echo sm_encode_html_special_chars($spamcop_id) ?>" />
<input type="hidden" name="action" value="save_id" />
<?php
echo '<input type="submit" value="' . _("Save ID") . "\" />\n";
Modified: trunk/squirrelmail/plugins/spamcop/spamcop.php
===================================================================
--- trunk/squirrelmail/plugins/spamcop/spamcop.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/spamcop/spamcop.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -120,8 +120,8 @@
echo '<input type="button" value="' . _("Close Window") . "\" onclick=\"window.close(); return true;\" />\n";
} else {
?><form method="post" action="<?php echo sqm_baseuri(); ?>src/right_main.php">
- <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) ?>" />
- <input type="hidden" name="startMessage" value="<?php echo htmlspecialchars($startMessage) ?>" />
+ <input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+ <input type="hidden" name="startMessage" value="<?php echo sm_encode_html_special_chars($startMessage) ?>" />
<?php
echo '<input type="submit" value="' . _("Cancel / Done") . "\" />";
}
@@ -137,9 +137,9 @@
$form_action = sqm_baseuri() . 'src/compose.php';
?> <form method="post" action="<?php echo $form_action?>">
<input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() ?>" />
- <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) ?>" />
- <input type="hidden" name="spamcop_is_composing" value="<?php echo htmlspecialchars($passed_id) ?>" />
- <input type="hidden" name="send_to" value="<?php echo htmlspecialchars($report_email)?>" />
+ <input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+ <input type="hidden" name="spamcop_is_composing" value="<?php echo sm_encode_html_special_chars($passed_id) ?>" />
+ <input type="hidden" name="send_to" value="<?php echo sm_encode_html_special_chars($report_email)?>" />
<input type="hidden" name="subject" value="reply anyway" />
<input type="hidden" name="identity" value="0" />
<input type="hidden" name="session" value="<?php echo $session?>" />
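Review bot: The `session` hidden field on the last line of this hunk still prints `$session` without encoding, while the three fields the commit touches above it are encoded. Where `$session` is set is not visible here, so it may already be an integer, but encoding it keeps the form consistent: `<input type="hidden" name="session" value="<?php echo sm_encode_html_special_chars($session) ?>" />`. The same question applies to `$form_action` in the `action` attribute, depending on what sqm_baseuri() can return.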
@@ -163,7 +163,7 @@
} ?>
<input type="hidden" name="action" value="submit" />
<input type="hidden" name="oldverbose" value="1" />
- <input type="hidden" name="spam" value="<?php echo htmlspecialchars($spam_message); ?>" />
+ <input type="hidden" name="spam" value="<?php echo sm_encode_html_special_chars($spam_message); ?>" />
<?php
echo '<input type="submit" name="x1" value="' . _("Send Spam Report") . "\" />\n";
}
Modified: trunk/squirrelmail/plugins/squirrelspell/modules/check_me.mod
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/modules/check_me.mod 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/modules/check_me.mod 2012-12-09 12:06:30 UTC (rev 14346)
@@ -106,7 +106,7 @@
*/
if (!empty($check->error)) {
$msg= '<div style="text-align: center;">'
- . nl2br(htmlspecialchars($check->error))
+ . nl2br(sm_encode_html_special_chars($check->error))
. '<form onsubmit="return false">'
. '<input type="submit" value=" ' . _("Close")
. ' " onclick="self.close()" /></form></div>';
@@ -125,7 +125,7 @@
*/
if (!empty($check->error)) {
$msg= '<div style="text-align: center;">'
- . nl2br(htmlspecialchars($check->error))
+ . nl2br(sm_encode_html_special_chars($check->error))
. '<form onsubmit="return false">'
. '<input type="submit" value=" ' . _("Close")
. ' " onclick="self.close()" /></form></div>';
@@ -153,7 +153,7 @@
}
} else {
if (!empty($check->error)) {
- $error_msg = nl2br(htmlspecialchars($check->error));
+ $error_msg = nl2br(sm_encode_html_special_chars($check->error));
} else {
$error_msg = _("Unknown error");
}
Modified: trunk/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/modules/edit_dic.mod 2012-12-09 12:06:30 UTC (rev 14346)
@@ -61,9 +61,9 @@
$msg .= "</td><td valign=\"top\">\n";
}
$msg .= "<input type=\"checkbox\" name=\"words_ary[]\" "
- . 'value="'.htmlspecialchars($lang_words[$j]). '" id="words_ary_'
+ . 'value="'.sm_encode_html_special_chars($lang_words[$j]). '" id="words_ary_'
. $j . '" /> <label for="words_ary_' . $j .'">'
- . htmlspecialchars($lang_words[$j]) . "</label><br />\n";
+ . sm_encode_html_special_chars($lang_words[$j]) . "</label><br />\n";
}
$msg .= '</td></tr></table></td></tr>'
. "<tr bgcolor=\"$color[0]\" align=\"center\"><td>"
Modified: trunk/squirrelmail/plugins/squirrelspell/modules/forget_me.mod
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/modules/forget_me.mod 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/modules/forget_me.mod 2012-12-09 12:06:30 UTC (rev 14346)
@@ -40,7 +40,7 @@
// print list of deleted words
foreach ($words_ary as $deleted_word) {
- $msg.= '<li>'.htmlspecialchars($deleted_word)."</li>\n";
+ $msg.= '<li>'.sm_encode_html_special_chars($deleted_word)."</li>\n";
}
// rebuild dictionary
Modified: trunk/squirrelmail/plugins/squirrelspell/modules/lang_change.mod
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/modules/lang_change.mod 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/modules/lang_change.mod 2012-12-09 12:06:30 UTC (rev 14346)
@@ -42,7 +42,7 @@
if (sizeof($new_langs)>1) {
$dsp_string = '';
foreach( $new_langs as $a) {
- $dsp_string .= _(htmlspecialchars(trim($a))) . _(", ");
+ $dsp_string .= _(sm_encode_html_special_chars(trim($a))) . _(", ");
}
// remove last comma and space
$dsp_string = substr( $dsp_string, 0, -2 );
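Review bot: `$dsp_string` ends up encoded twice: each language name goes through `sm_encode_html_special_chars()` in this loop, and the next hunk encodes the whole string again before wrapping it in `<strong>`. A name containing `&` or `<` would be shown as a literal entity, and the gettext lookup here runs on the encoded text rather than the original msgid. Encode once at output and look up the raw name: `$dsp_string .= _(trim($a)) . _(", ");`.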
@@ -52,15 +52,15 @@
// make sure that you don't use html codes in language name translations
$msg = '<p>'
. sprintf(_("Settings adjusted to: %s with %s as default dictionary."),
- '<strong>'.htmlspecialchars($dsp_string).'</strong>',
- '<strong>'.htmlspecialchars(_($lang_default)).'</strong>')
+ '<strong>'.sm_encode_html_special_chars($dsp_string).'</strong>',
+ '<strong>'.sm_encode_html_special_chars(_($lang_default)).'</strong>')
. '</p>';
} else {
/**
* Only one dictionary is selected.
*/
$msg = '<p>'
- . sprintf(_("Using %s dictionary for spellcheck." ), '<strong>'.htmlspecialchars(_($new_langs[0])).'</strong>')
+ . sprintf(_("Using %s dictionary for spellcheck." ), '<strong>'.sm_encode_html_special_chars(_($new_langs[0])).'</strong>')
. '</p>';
}
Modified: trunk/squirrelmail/plugins/squirrelspell/sqspell_functions.php
===================================================================
--- trunk/squirrelmail/plugins/squirrelspell/sqspell_functions.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/squirrelspell/sqspell_functions.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -849,12 +849,12 @@
. _("SquirrelSpell was unable to decrypt your personal dictionary. This is most likely due to the fact that you have changed your mailbox password. In order to proceed, you will have to supply your old password so that SquirrelSpell can decrypt your personal dictionary. It will be re-encrypted with your new password after this. If you haven't encrypted your dictionary, then it got mangled and is no longer valid. You will have to delete it and start anew. This is also true if you don't remember your old password -- without it, the encrypted data is no longer accessible.") ,
'left' ) . "\n"
. (($lang) ? html_tag('p',sprintf(_("Your %s dictionary is encrypted with password that differs from your current password."),
- htmlspecialchars($lang)),'left') : '')
+ sm_encode_html_special_chars($lang)),'left') : '')
. '<blockquote>' . "\n"
. '<form method="post" onsubmit="return AYS()">' . "\n"
. '<input type="hidden" name="MOD" value="crypto_badkey" />' . "\n"
. (($lang) ?
- '<input type="hidden" name="dict_lang" value="'.htmlspecialchars($lang).'" />' :
+ '<input type="hidden" name="dict_lang" value="'.sm_encode_html_special_chars($lang).'" />' :
'<input type="hidden" name="old_setup" value="yes" />')
. html_tag( 'p', "\n" .
'<input type="checkbox" name="delete_words" value="ON" id="delete_words" />'
Modified: trunk/squirrelmail/plugins/translate/functions.php
===================================================================
--- trunk/squirrelmail/plugins/translate/functions.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/plugins/translate/functions.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -456,7 +456,7 @@
}
if (! is_null($charset))
- echo ' accept-charset="'.htmlspecialchars($charset).'"';
+ echo ' accept-charset="'.sm_encode_html_special_chars($charset).'"';
echo ">\n";
Modified: trunk/squirrelmail/src/addrbook_search.php
===================================================================
--- trunk/squirrelmail/src/addrbook_search.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/addrbook_search.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -70,7 +70,7 @@
/* Empty search */
if (empty($query) && empty($show) && !isset($listall)) {
- $oTemplate->assign('note', htmlspecialchars(_("No persons matching your search were found")));
+ $oTemplate->assign('note', sm_encode_html_special_chars(_("No persons matching your search were found")));
$oTemplate->display('note.tpl');
# exit;
}
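Review bot: The `note` template variable is assigned an encoded string here, but the next hunk (`sizeof($res) == 0` branch) assigns the same translated message to `note` without encoding. One of the two is inconsistent with how `note.tpl` treats its input, which is not visible from this diff: if the template encodes, this line double-encodes; if it does not, the other call relies on the translation being free of markup. Pick one convention and add a short comment at both call sites, e.g. `// note.tpl prints this verbatim; encode here`.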
@@ -125,7 +125,7 @@
}
if (!is_array($res)) {
- plain_error_message( _("Your search failed with the following error(s)") .':<br />'. nl2br(htmlspecialchars($abook->error)) );
+ plain_error_message( _("Your search failed with the following error(s)") .':<br />'. nl2br(sm_encode_html_special_chars($abook->error)) );
} elseif (sizeof($res) == 0) {
$oTemplate->assign('note', _("No persons matching your search were found"));
$oTemplate->display('note.tpl');
Modified: trunk/squirrelmail/src/addrbook_search_html.php
===================================================================
--- trunk/squirrelmail/src/addrbook_search_html.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/addrbook_search_html.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -157,7 +157,7 @@
}
if (!is_array($res)) {
- plain_error_message(_("Your search failed with the following error(s)") .':<br />'. nl2br(htmlspecialchars($abook->error)));
+ plain_error_message(_("Your search failed with the following error(s)") .':<br />'. nl2br(sm_encode_html_special_chars($abook->error)));
} elseif (sizeof($res) == 0) {
$oTemplate->assign('note', _("No persons matching your search were found"));
$oTemplate->display('note.tpl');
Modified: trunk/squirrelmail/src/addressbook.php
===================================================================
--- trunk/squirrelmail/src/addressbook.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/addressbook.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -233,7 +233,7 @@
$olddata = $abook->lookup($enick, $ebackend);
// Test if $olddata really contains anything and return an error message if it doesn't
if (!$olddata) {
- error_box(nl2br(htmlspecialchars($abook->error)));
+ error_box(nl2br(sm_encode_html_special_chars($abook->error)));
} else {
/* Display the "new address" form */
echo abook_create_form($form_url, 'editaddr',
@@ -255,7 +255,7 @@
/* Handle error messages */
if (!$r) {
/* Display error */
- plain_error_message( nl2br(htmlspecialchars($abook->error)));
+ plain_error_message( nl2br(sm_encode_html_special_chars($abook->error)));
/* Display the "new address" form again */
echo abook_create_form($form_url, 'editaddr',
@@ -299,7 +299,7 @@
/* Display error messages */
if (!empty($formerror)) {
- plain_error_message(nl2br(htmlspecialchars($formerror)));
+ plain_error_message(nl2br(sm_encode_html_special_chars($formerror)));
}
@@ -326,7 +326,7 @@
$addresses[$backend->bnum] = $a;
} else {
// list_addr() returns boolean
- plain_error_message(nl2br(htmlspecialchars($abook->error)));
+ plain_error_message(nl2br(sm_encode_html_special_chars($abook->error)));
}
} else {
$addresses[$backend->bnum] = $a;
Modified: trunk/squirrelmail/src/compose.php
===================================================================
--- trunk/squirrelmail/src/compose.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/compose.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -1346,10 +1346,10 @@
$oTemplate->assign('identity_def', $identity);
$oTemplate->assign('input_onfocus', 'onfocus="'.join(' ', $onfocus_array).'"');
- $oTemplate->assign('to', htmlspecialchars($send_to));
- $oTemplate->assign('cc', htmlspecialchars($send_to_cc));
- $oTemplate->assign('bcc', htmlspecialchars($send_to_bcc));
- $oTemplate->assign('subject', htmlspecialchars($subject));
+ $oTemplate->assign('to', sm_encode_html_special_chars($send_to));
+ $oTemplate->assign('cc', sm_encode_html_special_chars($send_to_cc));
+ $oTemplate->assign('bcc', sm_encode_html_special_chars($send_to_bcc));
+ $oTemplate->assign('subject', sm_encode_html_special_chars($subject));
// access keys...
//
@@ -1385,9 +1385,9 @@
} else {
$body_str = "\n\n".($prefix_sig==true? "-- \n":'').decodeHeader($signature,false,false);
}
- $body_str .= "\n\n".htmlspecialchars(decodeHeader($body,false,false));
+ $body_str .= "\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false));
} else {
- $body_str = "\n\n".htmlspecialchars(decodeHeader($body,false,false));
+ $body_str = "\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false));
// FIXME: test is specific to ja_JP translation implementation. See above comments.
if ($default_charset == 'iso-2022-jp') {
$body_str .= "\n\n".($prefix_sig==true? "-- \n":'').mb_convert_encoding($signature, 'EUC-JP');
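Review bot: In the branches that build `$body_str` from the signature, `decodeHeader($signature,false,false)` and `mb_convert_encoding($signature, 'EUC-JP')` are appended without the encoding that `$body` receives on the neighbouring lines. If `$body_str` is written into the compose form as-is (the template is not visible from this hunk), markup in a signature would be interpreted rather than displayed. Suggest passing the signature through the same helper, e.g. `sm_encode_html_special_chars(decodeHeader($signature,false,false))`. The enclosing function starts and ends outside the hunk.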
@@ -1396,7 +1396,7 @@
}
}
} else {
- $body_str = htmlspecialchars(decodeHeader($body,false,false));
+ $body_str = sm_encode_html_special_chars(decodeHeader($body,false,false));
}
$oTemplate->assign('editor_width', (int)$editor_size);
@@ -1811,7 +1811,7 @@
$composeMessage->purgeAttachments();
return $success;
} else {
- $msg = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), htmlspecialchars($draft_folder));
+ $msg = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), sm_encode_html_special_chars($draft_folder));
plain_error_message($msg);
return false;
}
@@ -1832,7 +1832,7 @@
$msg .= '<br />'
. _("Server replied:") . ' '
. (isset($deliver->dlv_ret_nr) ? $deliver->dlv_ret_nr . ' ' : '')
- . nl2br(htmlspecialchars($deliver->dlv_server_msg));
+ . nl2br(sm_encode_html_special_chars($deliver->dlv_server_msg));
}
plain_error_message($msg);
} else {
Modified: trunk/squirrelmail/src/configtest.php
===================================================================
--- trunk/squirrelmail/src/configtest.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/configtest.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -267,7 +267,7 @@
|| strpos($variables_order, 'P') === FALSE
|| strpos($variables_order, 'C') === FALSE
|| strpos($variables_order, 'S') === FALSE) {
- do_err('Your variables_order setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but you have it set to "' . htmlspecialchars($variables_order) . '"', true);
+ do_err('Your variables_order setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but you have it set to "' . sm_encode_html_special_chars($variables_order) . '"', true);
} else {
echo $IND . "variables_order OK: $variables_order.<br />\n";
}
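Review bot: The failure branch encodes `$variables_order`, but the success branch on the `echo` line interpolates the same value raw into HTML; the `gpc_order` hunk that follows has the same split. The value comes from PHP configuration, so exposure is limited, but it only has to contain the required letters to reach the OK branch. For consistency: `echo $IND . 'variables_order OK: ' . sm_encode_html_special_chars($variables_order) . ".<br />\n";` and likewise for `$gpc_order`.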
@@ -283,7 +283,7 @@
else if (strpos($gpc_order, 'G') === FALSE
|| strpos($gpc_order, 'P') === FALSE
|| strpos($gpc_order, 'C') === FALSE) {
- do_err('Your gpc_order setting is insufficient for SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . htmlspecialchars($gpc_order) . '"', true);
+ do_err('Your gpc_order setting is insufficient for SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . sm_encode_html_special_chars($gpc_order) . '"', true);
} else {
echo $IND . "gpc_order OK: $gpc_order.<br />\n";
}
@@ -479,7 +479,7 @@
// if plugin outputs more than newlines and spacing, stop script execution.
if (!empty($output)) {
- $plugin_load_error = 'Some output was produced when plugin <i>' . $name . '</i> was loaded. Usually this means there is an error in the plugin\'s setup or configuration file. The output was: '.htmlspecialchars($output);
+ $plugin_load_error = 'Some output was produced when plugin <i>' . $name . '</i> was loaded. Usually this means there is an error in the plugin\'s setup or configuration file. The output was: '.sm_encode_html_special_chars($output);
do_err($plugin_load_error);
}
}
@@ -588,9 +588,9 @@
echo $IND . "Default language OK.<br />\n";
}
-echo $IND . "Base URL detected as: <tt>" . htmlspecialchars($test_location) .
+echo $IND . "Base URL detected as: <tt>" . sm_encode_html_special_chars($test_location) .
"</tt> (location base " . (empty($config_location_base) ? 'autodetected' : 'set to <tt>' .
- htmlspecialchars($config_location_base)."</tt>") . ")<br />\n";
+ sm_encode_html_special_chars($config_location_base)."</tt>") . ")<br />\n";
/* check minimal requirements for other security options */
@@ -635,14 +635,14 @@
$errorNumber, $errorString);
if(!$stream) {
do_err("Error connecting to SMTP server \"$smtpServerAddress:$smtpPort\".".
- "Server error: ($errorNumber) ".htmlspecialchars($errorString));
+ "Server error: ($errorNumber) ".sm_encode_html_special_chars($errorString));
}
// check for SMTP code; should be 2xx to allow us access
$smtpline = fgets($stream, 1024);
if(((int) $smtpline{0}) > 3) {
do_err("Error connecting to SMTP server. Server error: ".
- htmlspecialchars($smtpline));
+ sm_encode_html_special_chars($smtpline));
}
/* smtp starttls checks */
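Review bot: The greeting check reads `$smtpline{0}` without testing the result of `fgets()`, so a connection that closes or times out before sending a banner yields a value that casts to 0 and passes as a working server. The inline comment says the code should be 2xx, yet the test only rejects codes above 3. Brace offsets are also removed in later PHP versions, which matters for a commit aimed at PHP compatibility. Suggested guard: `if ($smtpline === false || ((int) $smtpline[0]) > 3) {`, or compare against `'2'` if the comment reflects the real intent.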
@@ -694,7 +694,7 @@
$starttls_response=fgets($stream, 1024);
if ($starttls_response[0]!=2) {
$starttls_cmd_err = 'SMTP STARTTLS failed. Server replied: '
- .htmlspecialchars($starttls_response);
+ .sm_encode_html_special_chars($starttls_response);
do_err($starttls_cmd_err);
} elseif(! stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
do_err('Failed to enable encryption on SMTP STARTTLS connection.');
@@ -707,7 +707,7 @@
fputs($stream, 'QUIT');
fclose($stream);
echo $IND . 'SMTP server OK (<tt><small>'.
- trim(htmlspecialchars($smtpline))."</small></tt>)<br />\n";
+ trim(sm_encode_html_special_chars($smtpline))."</small></tt>)<br />\n";
/* POP before SMTP */
if($pop_before_smtp) {
@@ -715,13 +715,13 @@
$stream = fsockopen($pop_before_smtp_host, 110, $err_no, $err_str);
if (!$stream) {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110) "
- . $err_no . ' : ' . htmlspecialchars($err_str));
+ . $err_no . ' : ' . sm_encode_html_special_chars($err_str));
}
$tmp = fgets($stream, 1024);
if (substr($tmp, 0, 3) != '+OK') {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110)"
- . ' '.htmlspecialchars($tmp));
+ . ' '.sm_encode_html_special_chars($tmp));
}
fputs($stream, 'QUIT');
fclose($stream);
@@ -740,18 +740,18 @@
if(!$stream) {
do_err("Error connecting to IMAP server \"$imapServerAddress:$imapPort\".".
"Server error: ($errorNumber) ".
- htmlspecialchars($errorString));
+ sm_encode_html_special_chars($errorString));
}
/** Is the first response 'OK'? */
$imapline = fgets($stream, 1024);
if(substr($imapline, 0,4) != '* OK') {
do_err('Error connecting to IMAP server. Server error: '.
- htmlspecialchars($imapline));
+ sm_encode_html_special_chars($imapline));
}
echo $IND . 'IMAP server ready (<tt><small>'.
- htmlspecialchars(trim($imapline))."</small></tt>)<br />\n";
+ sm_encode_html_special_chars(trim($imapline))."</small></tt>)<br />\n";
/** Check capabilities */
fputs($stream, "A001 CAPABILITY\r\n");
@@ -773,7 +773,7 @@
$starttls_line=fgets($stream, 1024);
if (! preg_match("/^A002 OK.*/i",$starttls_line)) {
$imap_starttls_err = 'IMAP STARTTLS failed. Server replied: '
- .htmlspecialchars($starttls_line);
+ .sm_encode_html_special_chars($starttls_line);
do_err($imap_starttls_err);
} elseif (! stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
do_err('Failed to enable encryption on IMAP connection.');
@@ -793,7 +793,7 @@
}
}
-echo $IND . 'Capabilities: <tt>'.htmlspecialchars($capline)."</tt><br />\n";
+echo $IND . 'Capabilities: <tt>'.sm_encode_html_special_chars($capline)."</tt><br />\n";
if($imap_auth_mech == 'login' && stristr($capline, 'LOGINDISABLED') !== FALSE) {
do_err('Your server doesn\'t allow plaintext logins. '.
@@ -854,7 +854,7 @@
$display_locale = $setlocale;
$locale_count = 1;
}
- $tested_locales_msg = 'Tested '.htmlspecialchars($display_locale).' '
+ $tested_locales_msg = 'Tested '.sm_encode_html_special_chars($display_locale).' '
.($locale_count>1 ? 'locales':'locale'). '.';
echo $IND . $IND .$IND . $lang_data['NAME'].' (' .$lang_code. ') - ';
@@ -865,7 +865,7 @@
} else {
echo 'supported. '
.$tested_locales_msg
- .' setlocale() returned "'.htmlspecialchars($retlocale).'"';
+ .' setlocale() returned "'.sm_encode_html_special_chars($retlocale).'"';
}
echo "<br />\n";
}
@@ -918,7 +918,7 @@
echo "Webmail users can't change their time zone settings. \n";
}
if (isset($_ENV['TZ'])) {
- echo 'Default time zone is '.htmlspecialchars($_ENV['TZ']);
+ echo 'Default time zone is '.sm_encode_html_special_chars($_ENV['TZ']);
} else {
echo 'Current time zone is '.date('T');
}
@@ -977,7 +977,7 @@
$dbh = DB::connect($dsn, true);
if (DB::isError($dbh)) {
- do_err('Database error: '. htmlspecialchars(DB::errorMessage($dbh)) .
+ do_err('Database error: '. sm_encode_html_special_chars(DB::errorMessage($dbh)) .
' in ' .$type .' DSN.');
}
$dbh->disconnect();
Modified: trunk/squirrelmail/src/folders.php
===================================================================
--- trunk/squirrelmail/src/folders.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/folders.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -112,7 +112,7 @@
}
if (isset($td_str)) {
- $oTemplate->assign('note', htmlspecialchars($td_str));
+ $oTemplate->assign('note', sm_encode_html_special_chars($td_str));
$oTemplate->display('note.tpl');
}
@@ -197,8 +197,8 @@
}
if ($use_folder) {
- $box_enc = htmlspecialchars($box_a['unformatted-dm']);
- $box_disp = htmlspecialchars(imap_utf7_decode_local($box_a['unformatted-disp']));
+ $box_enc = sm_encode_html_special_chars($box_a['unformatted-dm']);
+ $box_disp = sm_encode_html_special_chars(imap_utf7_decode_local($box_a['unformatted-disp']));
$subbox_option_list[] = array( 'Value' => $box_enc, 'Display' => $box_disp);
}
}
Modified: trunk/squirrelmail/src/login.php
===================================================================
--- trunk/squirrelmail/src/login.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/login.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -63,7 +63,7 @@
$password_form_name = 'secretkey';
do_hook('login_cookie', $null);
-$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? htmlspecialchars($loginname) : '');
+$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? sm_encode_html_special_chars($loginname) : '');
//FIXME: should be part of the template, not the core!
/* Output the javascript onload function. */
Modified: trunk/squirrelmail/src/options_highlight.php
===================================================================
--- trunk/squirrelmail/src/options_highlight.php 2012-12-09 11:58:17 UTC (rev 14345)
+++ trunk/squirrelmail/src/options_highlight.php 2012-12-09 12:06:30 UTC (rev 14346)
@@ -124,10 +124,10 @@
foreach($message_highlight_list as $index=>$rule) {
$a = array();
- $a['Name'] = htmlspecialchars($rule['name']);
+ $a['Name'] = sm_encode_html_special_chars($rule['name']);
$a['Color'] = $rule['color'];
$a['MatchField'] = '';
- $a['MatchValue'] = htmlspecialchars($rule['value']);
+ $a['MatchValue'] = sm_encode_html_special_chars($rule['value']);
@@ Diff output truncated at 100000 characters. @@