*
* Display Identities Options
*
- * @copyright 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2017 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
if (!empty($smaction) && is_array($smaction)) {
// first do a security check
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
$doaction = '';
$identid = 0;
$a['Title'] = $key==0 ? _("Default Identity") : sprintf(_("Alternate Identity %d"), $key);
$a['New'] = false;
$a['Default'] = $key==0;
- $a['FullName'] = htmlspecialchars($ident['full_name']);
- $a['Email'] = htmlspecialchars($ident['email_address']);
- $a['ReplyTo'] = htmlspecialchars($ident['reply_to']);
- $a['Signature'] = htmlspecialchars($ident['signature']);
+ $a['FullName'] = sm_encode_html_special_chars($ident['full_name']);
+ $a['Email'] = sm_encode_html_special_chars($ident['email_address']);
+ $a['ReplyTo'] = sm_encode_html_special_chars($ident['reply_to']);
+ $a['Signature'] = sm_encode_html_special_chars($ident['signature']);
$i[$key] = $a;
}
/**
* Returns html formated identity form fields
*
- * Contains options_identities_buttons and option_identities_table hooks.
+ * Contains options_identities_buttons and options_identities_table hooks.
* Before 1.4.5/1.5.1 hooks were placed in ShowTableInfo() function.
* In 1.1.3-1.4.1 they were called in do_hook function with two or
* three arguments. Since 1.4.1 hooks are called in concat_hook_function.
* Creates html formated table row with input field
* @param string $title Name displayed next to input field
* @param string $name Name of input field
- * @param string $data Default value of input field (data is sanitized with htmlspecialchars)
+ * @param string $data Default value of input field (data is sanitized with sm_encode_html_special_chars)
* @param string $bgcolor html attributes added to row element (tr)
* @return string html formated table row with text input field
* @since 1.2.0 (arguments differ since 1.4.5/1.5.1)
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
$str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
- $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. htmlspecialchars($data) . '" /> </td>' . "\n";
+ $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. sm_encode_html_special_chars($data) . '" /> </td>' . "\n";
$str .= '</tr>';
return $str;
* Creates html formated table row with textarea field
* @param string $title Name displayed next to textarea field
* @param string $name Name of textarea field
- * @param string $data Default value of textarea field (data is sanitized with htmlspecialchars)
+ * @param string $data Default value of textarea field (data is sanitized with sm_encode_html_special_chars)
* @param string $bgcolor html attributes added to row element (tr)
* @return string html formated table row with textarea
* @since 1.2.5 (arguments differ since 1.4.5/1.5.1)
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
$str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
- $str .= ' <td> <textarea name="' . $name . '" cols="50" rows="5">'. htmlspecialchars($data) . '</textarea> </td>' . "\n";
+ $str .= ' <td> <textarea name="' . $name . '" cols="50" rows="5">'. sm_encode_html_special_chars($data) . '</textarea> </td>' . "\n";
$str .= '</tr>';
return $str;