X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=plugins%2Fnewmail%2Ffunctions.php;h=71a6d93945f6840f02f55e36a5d80886598d6678;hb=c4faef335b2362c81b8ebf026d4066c12d70536c;hp=c85f63e648fab25a88572e4fda3e0d916c1702e4;hpb=c80190fcbdd88b10f9071bd057a0408ff9243c4a;p=squirrelmail.git

diff --git a/plugins/newmail/functions.php b/plugins/newmail/functions.php
index c85f63e6..71a6d939 100644
--- a/plugins/newmail/functions.php
+++ b/plugins/newmail/functions.php
@@ -5,7 +5,7 @@
  *
  * Functions
  *
- * @copyright © 2001-2007 The SquirrelMail Project Team
+ * @copyright 2001-2020 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
@@ -691,7 +691,7 @@ function newmail_media_embed_close($type) {
 /**
  * Converts media attributes to string
  * Warning:
- * * attribute values are automatically sanitized by htmlspecialchars()
+ * * attribute values are automatically sanitized by sm_encode_html_special_chars()
  * * This is internal function, use newmail_media_objects() instead
  * @param array $args array with object attributes
  * @return string string with object attributes
@@ -699,7 +699,7 @@ function newmail_media_embed_close($type) {
 function newmail_media_prepare_args($args) {
     $ret_args='';
     foreach ($args as $arg => $value) {
-        $ret_args.= $arg . '="' . htmlspecialchars($value) . '" ';
+        $ret_args.= $arg . '="' . sm_encode_html_special_chars($value) . '" ';
     }
     return $ret_args;
 }