X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Ffolder_manip.php;h=5cc21b91ee6d098a87194f6cf226750b72b0fe5c;hb=92b1e8978f9eec3426a1662cd906820f32ac938b;hp=ee7b825b36b97e3c5e04374633c9ac807b408408;hpb=30460a05016c7e066ad7b28df7788539e4054a99;p=squirrelmail.git
diff --git a/functions/folder_manip.php b/functions/folder_manip.php
index ee7b825b..5cc21b91 100644
--- a/functions/folder_manip.php
+++ b/functions/folder_manip.php
@@ -7,7 +7,7 @@
 * (un)subscribe, create, rename, delete.
 *
 * @author Thijs Kinkhorst
- * @copyright 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2016 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
@@ -124,9 +124,9 @@ function folders_rename_getname ($imapConnection, $delimiter, $old) {
 sqimap_logout($imapConnection);
 $oTemplate->assign('dialog_type', 'rename');
- $oTemplate->assign('parent_folder', htmlspecialchars($old_parent));
- $oTemplate->assign('current_full_name', htmlspecialchars($old));
- $oTemplate->assign('current_folder_name', htmlspecialchars($old_name));
+ $oTemplate->assign('parent_folder', sm_encode_html_special_chars($old_parent));
+ $oTemplate->assign('current_full_name', sm_encode_html_special_chars($old));
+ $oTemplate->assign('current_folder_name', sm_encode_html_special_chars($old_name));
 $oTemplate->assign('is_folder', $isfolder);
 $oTemplate->display('folder_manip_dialog.tpl');
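Review bot: The three folder-name assignments in folders_rename_getname are HTML-encoded at assign time, but nothing near them records that contract, and the adjacent `is_folder` assignment passes `$isfolder` through unencoded (presumably a boolean, though its origin is outside the hunk). I would add a comment above the block such as `// Folder names are HTML-encoded here; folder_manip_dialog.tpl must print them as-is and must not encode again.` so that a later assign of a raw name, or a second encoding pass in the template, is recognisable as a mistake. The same comment applies to the two assignments in the folders_delete_ask hunk. Both function bodies start and end outside their hunks, so whether every other value handed to the template is encoded cannot be confirmed from here.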
@@ -198,8 +198,8 @@ function folders_delete_ask ($imapConnection, $folder_name)
 sqimap_logout($imapConnection);
 $oTemplate->assign('dialog_type', 'delete');
- $oTemplate->assign('folder_name', htmlspecialchars($folder_name));
- $oTemplate->assign('visible_folder_name', htmlspecialchars($visible_folder_name));
+ $oTemplate->assign('folder_name', sm_encode_html_special_chars($folder_name));
+ $oTemplate->assign('visible_folder_name', sm_encode_html_special_chars($visible_folder_name));
 $oTemplate->display('folder_manip_dialog.tpl');
 $oTemplate->display('footer.tpl');
@@ -226,7 +226,7 @@ function folders_delete_do ($imapConnection, $delimiter, $folder_name)
 /** lets see if we CAN move folders to the trash.. otherwise,
 ** just delete them **/
- if ($delete_folder || preg_match('/^' . $trash_folder . '.+/i', $folder_name) ) {
+ if ($delete_folder || preg_match('/^' . preg_quote($trash_folder, '/') . '.+/i', $folder_name) ) {
 $can_move_to_trash = FALSE;
 } else {
 /* Otherwise, check if trash folder exits and support sub-folders */
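Review bot: In the folders_delete_do hunk the quoted pattern still ends in `.+` with the `i` flag, so any folder whose name merely begins with the trash folder's name (a sibling such as "TrashOld", or a differently-cased name) is treated as living inside Trash and is deleted outright instead of being moved. The function already receives `$delimiter`, so the test can require the hierarchy separator: `preg_match('/^' . preg_quote($trash_folder . $delimiter, '/') . './', $folder_name)`. Dropping `i` assumes the server treats mailbox names as case-sensitive, which should be confirmed for the supported IMAP servers. If `$trash_folder` can be empty the pattern matches every folder name; its origin is outside the hunk, so that case needs checking where it is set.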