Changeset 5164670 in github

Timestamp:

May 27, 2011 9:01:05 AM (2 years ago)

Author:

alecpl <alec@…>

Branches:

master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8

Children:

d9641b0

Parents:

d7344819

Message:

• Fix handling of "<" character in contact data, search fields and folder names, identity name and organization fields (#1487864)

Files:

• CHANGELOG (modified) (1 diff)
• program/include/main.inc (modified) (1 diff)
• program/steps/addressbook/save.inc (modified) (5 diffs)
• program/steps/addressbook/search.inc (modified) (1 diff)
• program/steps/mail/search.inc (modified) (1 diff)
• program/steps/settings/save_identity.inc (modified) (2 diffs)

CHANGELOG

@@ -2 +2 @@
 ===========================
 
+- Fix handling of "<" character in contact data, search fields and folder names (#1487864)
+- Fix saving "<" character in identity name and organization fields (#1487864)
 - Added option to specify to which address book add new contacts
 - Added plugin hook for keep-alive requests

program/include/main.inc

@@ -868 +868 @@
   // use value from post
   if (isset($_POST[$fname])) {
-    $postvalue = get_input_value($fname, RCUBE_INPUT_POST,
-      $type == 'textarea' && strpos($attrib['class'], 'mce_editor')!==false ? true : false);
+    $postvalue = get_input_value($fname, RCUBE_INPUT_POST, true);
     $value = $attrib['array'] ? $postvalue[intval($colcounts[$col]++)] : $postvalue;
   }

program/steps/addressbook/save.inc

@@ -96 +96 @@
 }
 
-
 // read POST values into hash array
 $a_record = array();
@@ -107 +106 @@
     $values = array();
     foreach ($colprop['childs'] as $childcol => $cp) {
-      $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST);
+      $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST, true);
       foreach ((array)$vals as $i => $val)
         $values[$i][$childcol] = $val;
@@ -118 +117 @@
   // assign values and subtypes
   else if (is_array($_POST[$fname])) {
-    $values = get_input_value($fname, RCUBE_INPUT_POST);
+    $values = get_input_value($fname, RCUBE_INPUT_POST, true);
     $subtypes = get_input_value('_subtype_' . $col, RCUBE_INPUT_POST);
     foreach ($values as $i => $val) {
@@ -126 +125 @@
   }
   else if (isset($_POST[$fname])) {
-    $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST);
+    $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST, true);
   }
 }
@@ -191 +190 @@
 
     foreach (array('name', 'email') as $col)
-      $a_js_cols[] = (string)$record[$col];
+      $a_js_cols[] = Q((string)$record[$col]);
 
     // update the changed col in list

program/steps/addressbook/search.inc

@@ -23 +23 @@
 $_SESSION['page'] = 1;
 
-$search = trim(get_input_value('_q', RCUBE_INPUT_GET));
+$search = trim(get_input_value('_q', RCUBE_INPUT_GET, true));
 $search_request = md5('addr'.$search);
 

program/steps/mail/search.inc

@@ -28 +28 @@
 
 // get search string
-$str = get_input_value('_q', RCUBE_INPUT_GET);
-$filter = get_input_value('_filter', RCUBE_INPUT_GET);
-$mbox = get_input_value('_mbox', RCUBE_INPUT_GET);
+$str     = get_input_value('_q', RCUBE_INPUT_GET, true);
+$mbox    = get_input_value('_mbox', RCUBE_INPUT_GET, true);
+$filter  = get_input_value('_filter', RCUBE_INPUT_GET);
 $headers = get_input_value('_headers', RCUBE_INPUT_GET);
+
 $search_request = md5($mbox.$filter.$str);
 

program/steps/settings/save_identity.inc

@@ -23 +23 @@
 
 $a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature', 'html_signature');
-$a_html_cols = array('signature');
+$a_html_cols = array('signature', 'name', 'organization');
 $a_boolean_cols = array('standard', 'html_signature');
 $updated = $default_id = false;
@@ -29 +29 @@
 // check input
 if (empty($_POST['_name']) || (empty($_POST['_email']) && IDENTITIES_LEVEL != 1 && IDENTITIES_LEVEL != 3))
-  {
+{
   $OUTPUT->show_message('formincomplete', 'warning');
   rcmail_overwrite_action('edit-identity');
   return;
-  }
+}