Changeset 419 in subversion for trunk/roundcubemail/program/include/main.inc

Timestamp:

Dec 20, 2006 9:06:33 AM (6 years ago)

Author:

thomasb

Message:

New (strict) quoting for all kind of strings

File:

• trunk/roundcubemail/program/include/main.inc (modified) (15 diffs)

trunk/roundcubemail/program/include/main.inc

@@ -735 +735 @@
   $framed = $GLOBALS['_framed'];
   $command = sprintf("display_message('%s', '%s');",
-                     rep_specialchars_output(rcube_label(array('name' => $message, 'vars' => $vars)), 'js'),
+                     JQ(rcube_label(array('name' => $message, 'vars' => $vars))),
                      $type);
                      
@@ -855 +855 @@
                                 $JS_OBJECT_NAME,
                                 $name,
-                                rep_specialchars_output(rcube_label($name), 'js')));  
+                                JQ(rcube_label($name))));
   }
 
@@ -898 +898 @@
 
 
-// convert a string from one charset to another
-// this function is not complete and not tested well
+/**
+ * Convert a string from one charset to another.
+ * Uses mbstring and iconv functions if possible
+ *
+ * @param  string Input string
+ * @param  string Suspected charset of the input string
+ * @param  string Target charset to convert to; defaults to $GLOBALS['CHARSET']
+ * @return Converted string
+ */
 function rcube_charset_convert($str, $from, $to=NULL)
   {
@@ -954 +961 @@
 
 
-
-// replace specials characters to a specific encoding type
+/**
+ * Replacing specials characters to a specific encoding type
+ *
+ * @param  string  Input string
+ * @param  string  Encoding type: text|html|xml|js|url
+ * @param  string  Replace mode for tags: show|replace|remove
+ * @param  boolean Convert newlines
+ * @return The quoted string
+ */
 function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE)
   {
   global $OUTPUT_TYPE, $OUTPUT;
-  static $html_encode_arr, $js_rep_table, $rtf_rep_table, $xml_rep_table;
+  static $html_encode_arr, $js_rep_table, $xml_rep_table;
 
   if (!$enctype)
@@ -1001 +1015 @@
     }
 
-
   if ($enctype=='url')
     return rawurlencode($str);
 
-
-  // if the replace tables for RTF, XML and JS are not yet defined
+  // if the replace tables for XML and JS are not yet defined
   if (!$js_rep_table)
     {
-    $js_rep_table = $rtf_rep_table = $xml_rep_table = array();
+    $js_rep_tabl = $xml_rep_table = array();
     $xml_rep_table['&'] = '&';
 
@@ -1015 +1027 @@
       {
       $hex = dechex($c);
-      $rtf_rep_table[Chr($c)] = "\\'$hex";
       $xml_rep_table[Chr($c)] = "&#$c;";
       
@@ -1026 +1037 @@
     }
 
-  // encode for RTF
+  // encode for XML
   if ($enctype=='xml')
     return strtr($str, $xml_rep_table);
@@ -1039 +1050 @@
     }
 
-  // encode for RTF
-  if ($enctype=='rtf')
-    return preg_replace("/\r\n/", "\par ", strtr($str, $rtf_rep_table));
-
   // no encoding given -> return original string
   return $str;
+  }
+
+/**
+ * Quote a given string. Alias function for rep_specialchars_output
+ * @see rep_specialchars_output
+ */
+function Q($str, $mode='strict', $newlines=TRUE)
+  {
+  return rep_specialchars_output($str, 'html', $mode, $newlines);
+  }
+
+/**
+ * Quote a given string. Alias function for rep_specialchars_output
+ * @see rep_specialchars_output
+ */
+function JQ($str, $mode='strict', $newlines=TRUE)
+  {
+  return rep_specialchars_output($str, 'js', $mode, $newlines);
   }
 
@@ -1249 +1274 @@
     case 'label':
       if ($attrib['name'] || $attrib['command'])
-        return rep_specialchars_output(rcube_label($attrib));
+        return Q(rcube_label($attrib));
       break;
 
@@ -1332 +1357 @@
         {
         $name = !empty($CONFIG['product_name']) ? $CONFIG['product_name'] : 'RoundCube Webmail';
-        return rep_specialchars_output($name, 'html', 'all');
+        return Q($name);
         }
       else if ($object=='version')
@@ -1354 +1379 @@
           $title .= ucfirst($task);
           
-        return rep_specialchars_output($title, 'html', 'all');
+        return Q($title);
         }
 
@@ -1420 +1445 @@
   // get localized text for labels and titles
   if ($attrib['title'])
-    $attrib['title'] = rep_specialchars_output(rcube_label($attrib['title']));
+    $attrib['title'] = Q(rcube_label($attrib['title']));
   if ($attrib['label'])
-    $attrib['label'] = rep_specialchars_output(rcube_label($attrib['label']));
+    $attrib['label'] = Q(rcube_label($attrib['label']));
 
   if ($attrib['alt'])
-    $attrib['alt'] = rep_specialchars_output(rcube_label($attrib['alt']));
+    $attrib['alt'] = Q(rcube_label($attrib['alt']));
 
   // set title to alt attribute for IE browsers
@@ -1538 +1563 @@
 
   foreach ($a_show_cols as $col)
-    $table .= '<td class="'.$col.'">' . rep_specialchars_output(rcube_label($col)) . "</td>\n";
+    $table .= '<td class="'.$col.'">' . Q(rcube_label($col)) . "</td>\n";
 
   $table .= "</tr></thead>\n<tbody>\n";
   
   $c = 0;
-
   if (!is_array($table_data)) 
     {
@@ -1555 +1579 @@
       foreach ($a_show_cols as $col)
         {
-        $cont = rep_specialchars_output($sql_arr[$col]);
-            $table .= '<td class="'.$col.'">' . $cont . "</td>\n";
+        $cont = Q($sql_arr[$col]);
+        $table .= '<td class="'.$col.'">' . $cont . "</td>\n";
         }
 
@@ -1574 +1598 @@
       foreach ($a_show_cols as $col)
         {
-        $cont = rep_specialchars_output($row_data[$col]);
-            $table .= '<td class="'.$col.'">' . $cont . "</td>\n";
+        $cont = Q($row_data[$col]);
+        $table .= '<td class="'.$col.'">' . $cont . "</td>\n";
         }