projects / squirrelmail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2b6b400)
HTML escaping.
authorkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 26 Apr 2004 23:24:21 +0000 (23:24 +0000)
committerkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 26 Apr 2004 23:24:21 +0000 (23:24 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7268 7612ce4b-ef26-0410-bec9-ea0150e637f0

src/read_body.php patch | blob | blame | history
src/vcard.php patch | blob | blame | history

diff --git a/src/read_body.php b/src/read_body.php
index 9cce574aeb8d89ab742cfbd0968e8395181669a3..3e431c6449227ca18ea6fa1f29ebdde1b757d743 100644 (file)
--- a/src/read_body.php
+++ b/src/read_body.php
@@ -125,9 +125,9 @@ function findPreviousMessage($numMessages, $passed_id) {
 function printer_friendly_link($mailbox, $passed_id, $passed_ent_id) {
     global $javascript_on, $color;
 
-    $params = '?passed_ent_id=' . $passed_ent_id .
+    $params = '?passed_ent_id=' . urlencode($passed_ent_id) .
               '&mailbox=' . urlencode($mailbox) .
-              '&passed_id=' . $passed_id;
+              '&passed_id=' . urlencode($passed_id);
 
     $print_text = _("View Printable Version");
 
diff --git a/src/vcard.php b/src/vcard.php
index 9db7437d4f2c16be9908a119c44aa3c42b11fe2b..1fac0172c3c353303ffd81d0910213fd3fd0b8f3 100644 (file)
--- a/src/vcard.php
+++ b/src/vcard.php
@@ -48,8 +48,8 @@ echo '<br><table width="100%" border="0" cellspacing="0" cellpadding="2" ' .
         '<b><center>' .
         _("Viewing a Business Card") . " - ";
 $msg_url = 'read_body.php?mailbox='.urlencode($mailbox).
-    '&amp;startMessage='.$startMessage.
-    '&amp;passed_id='.$passed_id;
+    '&amp;startMessage='.urlencode($startMessage).
+    '&amp;passed_id='.urlencode($passed_id);
 
 $msg_url = set_url_var($msg_url, 'ent_id', 0);
 
@@ -200,7 +200,7 @@ echo    '</td></tr>' .
         '</td></tr>' .
         '<tr><td align=center>' .
         '<a href="../src/download.php?absolute_dl=true&amp;passed_id=' .
-        $passed_id . '&amp;mailbox=' . urlencode($mailbox) .
+        urlencode($passed_id) . '&amp;mailbox=' . urlencode($mailbox) .
         '&amp;ent_id=' . urlencode($ent_id) . '">' .
         _("Download this as a file") . '</A>' .
         '</TD></TR></TABLE>' .
Unnamed repository; edit this file 'description' to name the repository.