$value = substr($value,strlen($charset)+1);
/* FIXME: What's the status of charset decode with language information ????
* Maybe language information contains only ascii text and charset_decode()
- * only runs htmlspecialchars() on it. If it contains 8bit information, you
+ * only runs sm_encode_html_special_chars() on it. If it contains 8bit information, you
* get html encoded text in charset used by selected translation.
*/
$value = charset_decode($charset,$value);
* @param mixed $value the value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function assign($tpl_var, $value = NULL) {
* @param mixed $value the referenced value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function assign_by_ref($tpl_var, &$value) {
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function append($tpl_var, $value = NULL, $merge = FALSE)
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function append_by_ref($tpl_var, &$value, $merge = FALSE)
* @param mixed $value the value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function assign($tpl_var, $value = NULL) {
* @param mixed $value the referenced value to assign
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function assign_by_ref($tpl_var, &$value) {
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function append($tpl_var, $value = NULL, $merge = FALSE) {
* variable values
FIXME: Proposed idea to add a parameter here that turns variable
encoding on, so that we can make sure output is always
- run through something like htmlspecialchars() (maybe even nl2br()?)
+ run through something like sm_encode_html_special_chars() (maybe even nl2br()?)
*
*/
function append_by_ref($tpl_var, &$value, $merge = FALSE) {
if (empty($template)) {
- trigger_error('The template "' . htmlspecialchars($file)
+ trigger_error('The template "' . sm_encode_html_special_chars($file)
. '" could not be fetched!', E_USER_ERROR);
} else {
* display address book init errors.
*/
if ($abook_init_error!='' && $showerr) {
- error_box(nl2br(htmlspecialchars($abook_init_error)));
+ error_box(nl2br(sm_encode_html_special_chars($abook_init_error)));
}
/* Return the initialized object */
*
* Extra field can be used to add link to form, which allows
* to modify all fields supported by backend. This is the only field
- * that is not sanitized with htmlspecialchars. Backends MUST make
+ * that is not sanitized with sm_encode_html_special_chars. Backends MUST make
* sure that field data is sanitized and displayed correctly inside
* table cell. Use of html formating in other address book fields is
* not allowed. Backends that don't return 'extra' row in address book
$Args[0]['attachment_common']['href'] = Where it links to */
sqgetGlobalVar('QUERY_STRING', $QUERY_STRING, SQ_SERVER);
- // if htmlspecialchars() breaks something - find other way to encode & in url.
+ // if sm_encode_html_special_chars() breaks something - find other way to encode & in url.
$Args[0]['attachment_common']['href'] = $base_uri . 'src/view_text.php?'. $QUERY_STRING;
$Args[0]['attachment_common']['href'] =
set_url_var($Args[0]['attachment_common']['href'],
$link = array (
'URL' => sqm_baseuri()."src/right_main.php?sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox",
'TEXT' => sprintf (_("Click here to return to %s"),
- strtoupper($mailbox) == 'INBOX' ? _("INBOX") : htmlspecialchars(imap_utf7_decode_local($mailbox)))
+ strtoupper($mailbox) == 'INBOX' ? _("INBOX") : sm_encode_html_special_chars(imap_utf7_decode_local($mailbox)))
);
error_box($message, $link);
}
sqimap_logout($imapConnection);
$oTemplate->assign('dialog_type', 'rename');
- $oTemplate->assign('parent_folder', htmlspecialchars($old_parent));
- $oTemplate->assign('current_full_name', htmlspecialchars($old));
- $oTemplate->assign('current_folder_name', htmlspecialchars($old_name));
+ $oTemplate->assign('parent_folder', sm_encode_html_special_chars($old_parent));
+ $oTemplate->assign('current_full_name', sm_encode_html_special_chars($old));
+ $oTemplate->assign('current_folder_name', sm_encode_html_special_chars($old_name));
$oTemplate->assign('is_folder', $isfolder);
$oTemplate->display('folder_manip_dialog.tpl');
sqimap_logout($imapConnection);
$oTemplate->assign('dialog_type', 'delete');
- $oTemplate->assign('folder_name', htmlspecialchars($folder_name));
- $oTemplate->assign('visible_folder_name', htmlspecialchars($visible_folder_name));
+ $oTemplate->assign('folder_name', sm_encode_html_special_chars($folder_name));
+ $oTemplate->assign('visible_folder_name', sm_encode_html_special_chars($visible_folder_name));
$oTemplate->display('folder_manip_dialog.tpl');
$oTemplate->display('footer.tpl');
* forms.php - html form functions
*
* Functions to build forms in a safe and consistent manner.
- * All attribute values are sanitized with htmlspecialchars().
+ * All attribute values are sanitized with sm_encode_html_special_chars().
//FIXME: I think the Template class might be better place to sanitize inside assign() method
*
* Currently functions don't provide simple wrappers for file and
global $oTemplate;
$oTemplate->assign('type', $sType);
-//FIXME: all the values in the $aAttribs list used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value);
+//FIXME: all the values in the $aAttribs list used to go thru sm_encode_html_special_chars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = sm_encode_html_special_chars($value);
$oTemplate->assign('aAttribs', $aAttribs);
return $oTemplate->fetch('input.tpl');
if (!$bMultiple && count($aValues) == 1) {
$k = key($aValues); $v = array_pop($aValues);
return addHidden($sName, ($bUsekeys ? $k : $v), $aAttribs)
- . htmlspecialchars($v);
+ . sm_encode_html_special_chars($v);
}
if (! isset($aAttribs['id'])) $aAttribs['id'] = $sName;
global $oTemplate;
-//FIXME: all the values in the $aAttribs list and $sName and both the keys and values in $aValues used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = htmlspecialchars($sName); $aNewValues = array(); foreach ($aValues as $key => $value) $aNewValues[htmlspecialchars($key)] = htmlspecialchars($value); $aValues = $aNewValues; And probably this too because it has to be matched to a value that has already been sanitized: $default = htmlspecialchars($default); (oops, watch out for when $default is an array! (multiple select lists))
+//FIXME: all the values in the $aAttribs list and $sName and both the keys and values in $aValues used to go thru sm_encode_html_special_chars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = sm_encode_html_special_chars($value); $sName = sm_encode_html_special_chars($sName); $aNewValues = array(); foreach ($aValues as $key => $value) $aNewValues[sm_encode_html_special_chars($key)] = sm_encode_html_special_chars($value); $aValues = $aNewValues; And probably this too because it has to be matched to a value that has already been sanitized: $default = sm_encode_html_special_chars($default); (oops, watch out for when $default is an array! (multiple select lists))
$oTemplate->assign('aAttribs', $aAttribs);
$oTemplate->assign('aValues', $aValues);
$oTemplate->assign('bUsekeys', $bUsekeys);
global $oTemplate;
-//FIXME: all the values in the $aAttribs list as well as $sName and $sText used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sName = htmlspecialchars($sName); $sText = htmlspecialchars($sText);
+//FIXME: all the values in the $aAttribs list as well as $sName and $sText used to go thru sm_encode_html_special_chars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = sm_encode_html_special_chars($value); $sName = sm_encode_html_special_chars($sName); $sText = sm_encode_html_special_chars($sText);
$oTemplate->assign('aAttribs', $aAttribs);
$oTemplate->assign('name', $sName);
$oTemplate->assign('text', $sText);
global $oTemplate;
-//FIXME: all the values in the $aAttribs list as well as $charset used to go thru htmlspecialchars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = htmlspecialchars($value); $sCharset = htmlspecialchars($sCharset);
+//FIXME: all the values in the $aAttribs list as well as $charset used to go thru sm_encode_html_special_chars()... I would propose that most everything that is assigned to the template should go thru that *in the template class* on its way between here and the actual template file. Otherwise we have to do something like: foreach ($aAttribs as $key => $value) $aAttribs[$key] = sm_encode_html_special_chars($value); $sCharset = sm_encode_html_special_chars($sCharset);
$oTemplate->assign('aAttribs', $aAttribs);
$oTemplate->assign('name', $sName);
$oTemplate->assign('method', $sMethod);
/**
- * Sanitize a value using htmlspecialchars() or similar, but also
- * recursively run htmlspecialchars() (or similar) on array keys
+ * Sanitize a value using sm_encode_html_special_chars() or similar, but also
+ * recursively run sm_encode_html_special_chars() (or similar) on array keys
* and values.
*
* If $value is not a string or an array with strings in it,
if ($quote_style === TRUE)
return str_replace(array('\'', '"'), array(''', '"'), $value);
else
- return htmlspecialchars($value, $quote_style);
+ return sm_encode_html_special_chars($value, $quote_style);
}
// anything else gets returned with no changes
'sqimap_run_command or sqimap_run_command_list instead<br /><br />'.
'The following query was issued:<br />'.
//FIXME: NO HTML IN CORE!
- htmlspecialchars($query) . '<br />' . "</font><br />\n";
+ sm_encode_html_special_chars($query) . '<br />' . "</font><br />\n";
error_box($string);
$oTemplate->display('footer.tpl');
exit;
$cmd= strtolower($cmd[0]);
if ($query != '' && $cmd != 'login')
- $string .= _("Query:") . ' ' . htmlspecialchars($query) . '<br />';
+ $string .= _("Query:") . ' ' . sm_encode_html_special_chars($query) . '<br />';
if ($message_title != '')
$string .= $message_title;
if ($message != '')
- $string .= htmlspecialchars($message);
+ $string .= sm_encode_html_special_chars($message);
//FIXME: NO HTML IN CORE!
$string .= "</font><br />\n";
if ($link != '')
//FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here
if ($response != 'NO') {
/* "BAD" and anything else gets reported here. */
- $message = htmlspecialchars($message);
+ $message = sm_encode_html_special_chars($message);
set_up_language($squirrelmail_language, true);
if ($response == 'BAD') {
if ($hide == 3) return sprintf(_("Bad request: %s"), $message);
if (isset($read) && is_array($read)) {
$string .= '<br />' . _("Read data:") . "<br />\n";
foreach ($read as $line) {
- $string .= htmlspecialchars($line) . "<br />\n";
+ $string .= sm_encode_html_special_chars($line) . "<br />\n";
}
}
error_box($string);
*/
if (strstr($mailbox, '../') || substr($mailbox, 0, 1) == '/') {
global $oTemplate;
- error_box(sprintf(_("Invalid mailbox name: %s"),htmlspecialchars($mailbox)));
+ error_box(sprintf(_("Invalid mailbox name: %s"),sm_encode_html_special_chars($mailbox)));
sqimap_logout($imap_stream);
$oTemplate->display('footer.tpl');
die();
// i18n: Name of Drafts folder
$box2 = $pad . _("Drafts");
} else {
- $box2 = str_replace('&nbsp;&nbsp;', '. ', htmlspecialchars($boxes_part['formatted']));
+ $box2 = str_replace('&nbsp;&nbsp;', '. ', sm_encode_html_special_chars($boxes_part['formatted']));
}
break;
case SMPREF_MAILBOX_SELECT_INDENTED:
$pad = str_pad('',12 * (count(explode($delimiter,$boxes_part['unformatted-dm']))-1),' ');
$box2 = $pad . _("Drafts");
} else {
- $box2 = str_replace('&nbsp;&nbsp;', ' ', htmlspecialchars($boxes_part['formatted']));
+ $box2 = str_replace('&nbsp;&nbsp;', ' ', sm_encode_html_special_chars($boxes_part['formatted']));
}
break;
default: /* default, long names, style = 0 */
- $box2 = str_replace(' ', ' ', htmlspecialchars(imap_utf7_decode_local($boxes_part['unformatted-disp'])));
+ $box2 = str_replace(' ', ' ', sm_encode_html_special_chars(imap_utf7_decode_local($boxes_part['unformatted-disp'])));
break;
}
}
- $a[htmlspecialchars($box)] = $box2;
+ $a[sm_encode_html_special_chars($box)] = $box2;
}
}
$str = '';
foreach ($boxes as $value=>$option) {
- $lowerbox = strtolower(htmlspecialchars($value));
+ $lowerbox = strtolower(sm_encode_html_special_chars($value));
$sel = false;
if ($show_selected != 0) {
reset($show_selected);
while (!$sel && (list($x, $val) = each($show_selected))) {
- if (strtolower($value) == strtolower(htmlspecialchars($val))) {
+ if (strtolower($value) == strtolower(sm_encode_html_special_chars($val))) {
$sel = true;
}
}
$aMsg['ID'] = $id;
$fetch = substr($read,$i_space+1,5);
if (!is_numeric($id) && $fetch !== 'FETCH') {
- $aMsg['ERROR'] = $read; // htmlspecialchars should be done just before display. this is backend code
+ $aMsg['ERROR'] = $read; // sm_encode_html_special_chars should be done just before display. this is backend code
break;
}
$i = strpos($read,'(',$i_space+5);
$sMailbox = (isset($aAddr[SQM_ADDR_MAILBOX])) ? $aAddr[SQM_ADDR_MAILBOX] : '';
$sHost = (isset($aAddr[SQM_ADDR_HOST])) ? $aAddr[SQM_ADDR_HOST] : '';
if ($sPersonal) {
- $title .= htmlspecialchars($sMailbox.'@'.$sHost).', ';
+ $title .= sm_encode_html_special_chars($sMailbox.'@'.$sHost).', ';
} else {
// if $value gets truncated we need to add the addresses with no
// personal name as well
- $title_maybe .= htmlspecialchars($sMailbox.'@'.$sHost).', ';
+ $title_maybe .= sm_encode_html_special_chars($sMailbox.'@'.$sHost).', ';
}
}
if ($title) {
displayPageHeader( $color, $mailbox );
$errormessage = _("SquirrelMail could not decode the bodystructure of the message");
$errormessage .= '<br />'._("The bodystructure provided by your IMAP server:").'<br /><br />';
- $errormessage .= '<pre>' . htmlspecialchars($read) . '</pre>';
+ $errormessage .= '<pre>' . sm_encode_html_special_chars($read) . '</pre>';
plain_error_message( $errormessage );
echo '</body></html>';
exit;
$this_attachment['DownloadHREF'] = $links['download link']['href'];
$this_attachment['ViewHREF'] = isset($links['attachment_common']) ? $links['attachment_common']['href'] : '';
$this_attachment['Size'] = $header->size;
- $this_attachment['ContentType'] = htmlspecialchars($type0 .'/'. $type1);
+ $this_attachment['ContentType'] = sm_encode_html_special_chars($type0 .'/'. $type1);
$this_attachment['OtherLinks'] = array();
foreach ($links as $val) {
if ($val['text']==_("Download") || $val['text'] == _("View"))
$iLastMatch = $i;
$j = $i;
if ($htmlsafe) {
- $ret .= htmlspecialchars($res[1]);
+ $ret .= sm_encode_html_special_chars($res[1]);
} else {
$ret .= $res[1];
}
}
} else {
if ($htmlsafe) {
- $replace = htmlspecialchars($replace);
+ $replace = sm_encode_html_special_chars($replace);
}
$ret.= $replace;
}
}
} else {
if ($htmlsafe) {
- $replace = htmlspecialchars($replace);
+ $replace = sm_encode_html_special_chars($replace);
}
}
$ret .= $replace;
}
if (!$encoded && $htmlsafe) {
- $ret .= htmlspecialchars($chunk);
+ $ret .= sm_encode_html_special_chars($chunk);
} else {
$ret .= $chunk;
}
//TODO: might be better to have a separate template file for all widgets, because then the layout of the widget and the "trailing text" can be customized - they are still hard coded here
if ($password)
- return addPwField('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text);
+ return addPwField('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . sm_encode_html_special_chars($this->trailing_text);
else
- return addInput('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text);
+ return addInput('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . sm_encode_html_special_chars($this->trailing_text);
}
/**
$height = 5;
}
- return addSelect('new_' . $this->name, $this->possible_values, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height, !$this->htmlencoded) . htmlspecialchars($this->trailing_text);
+ return addSelect('new_' . $this->name, $this->possible_values, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height, !$this->htmlencoded) . sm_encode_html_special_chars($this->trailing_text);
}
$option_list = array('ignore' => _("unavailable"));
- return addSelect('new_' . $this->name, $option_list, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height) . htmlspecialchars($this->trailing_text);
+ return addSelect('new_' . $this->name, $option_list, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height) . sm_encode_html_special_chars($this->trailing_text);
}
*/
function createWidget_Submit() {
- return addSubmit($this->comment, $this->name, $this->aExtraAttribs) . htmlspecialchars($this->trailing_text);
+ return addSubmit($this->comment, $this->name, $this->aExtraAttribs) . sm_encode_html_special_chars($this->trailing_text);
}
* this explains the imap_mailbox.php dependency. We should instead store
* the selected mailbox in the session and fallback to the session var.
*/
- $shortBoxName = htmlspecialchars(imap_utf7_decode_local(
+ $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local(
readShortMailboxName($mailbox, $delimiter)));
if (getPref($data_dir, $username, 'translate_special_folders')) {
global $sent_folder, $trash_folder, $draft_folder;
}
+/**
+ * Wrapper for PHP's htmlspecialchars() that
+ * attempts to add the correct character encoding
+ *
+ * @param string $string The string to be converted
+ * @param int $flags A bitmask that controls the behavior of htmlspecialchars()
+ * (See http://php.net/manual/function.htmlspecialchars.php )
+ * (OPTIONAL; default ENT_COMPAT)
+ * @param string $encoding The character encoding to use in the conversion
+ * (OPTIONAL; default automatic detection)
+ * @param boolean $double_encode Whether or not to convert entities that are
+ * already in the string (only supported in
+ * PHP 5.2.3+) (OPTIONAL; default TRUE)
+ *
+ * @return string The converted text
+ *
+ */
+function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
+ $encoding=NULL, $double_encode=TRUE)
+{
+ if (!$encoding)
+ {
+ global $default_charset;
+ if ($default_charset == 'iso-2022-jp')
+ $default_charset = 'EUC-JP';
+ $encoding = $default_charset;
+ }
+
+// TODO: Is adding this check an unnecessary performance hit?
+ if (check_php_version(5, 2, 3))
+ return htmlspecialchars($string, $flags, $encoding, $double_encode);
+
+ return htmlspecialchars($string, $flags, $encoding);
+}
+
* or
* contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
* because it doesn't bother with broken tags.
- * htmlspecialchars() is the preferred method.
+ * sm_encode_html_special_chars() is the preferred method.
* QUERY_STRING also needs the same treatment since it is
* used in php_self().
* Update again: the encoding of ampersands that occurs
- * using htmlspecialchars() corrupts the query strings
+ * using sm_encode_html_special_chars() corrupts the query strings
* in normal URIs, so we have to let those through.
FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
*/
if (isset($_SERVER['REQUEST_URI']))
- $_SERVER['REQUEST_URI'] = str_replace('&', '&', htmlspecialchars($_SERVER['REQUEST_URI']));
+ $_SERVER['REQUEST_URI'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['REQUEST_URI']));
if (isset($_SERVER['PHP_SELF']))
- $_SERVER['PHP_SELF'] = str_replace('&', '&', htmlspecialchars($_SERVER['PHP_SELF']));
+ $_SERVER['PHP_SELF'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['PHP_SELF']));
if (isset($_SERVER['QUERY_STRING']))
- $_SERVER['QUERY_STRING'] = str_replace('&', '&', htmlspecialchars($_SERVER['QUERY_STRING']));
+ $_SERVER['QUERY_STRING'] = str_replace('&', '&', sm_encode_html_special_chars($_SERVER['QUERY_STRING']));
$PHP_SELF = php_self();
* @param string $string Text to be decoded
* @param boolean $force_decode converts string to html without $charset!=$default_charset check.
* Argument is available since 1.4.5 and 1.5.1.
- * @param boolean $save_html disables htmlspecialchars() in order to preserve
+ * @param boolean $save_html disables sm_encode_html_special_chars() in order to preserve
* html formating. Use with care. Available since 1.4.6 and 1.5.1
* @return string decoded string
*/
// Don't do conversion if charset is the same.
if ( ! $force_decode && $charset == strtolower($default_charset) )
- return ($save_html ? $string : htmlspecialchars($string));
+ return ($save_html ? $string : sm_encode_html_special_chars($string));
// catch iso-8859-8-i thing
if ( $charset == "iso-8859-8-i" )
// other charsets can be converted to utf-8 without loss.
// and output string is smaller
$string = recode_string($charset . "..utf-8",$string);
- return ($save_html ? $string : htmlspecialchars($string));
+ return ($save_html ? $string : sm_encode_html_special_chars($string));
} else {
$string = recode_string($charset . "..html",$string);
- // recode does not convert single quote, htmlspecialchars does.
+ // recode does not convert single quote, sm_encode_html_special_chars does.
$string = str_replace("'", ''', $string);
// undo html specialchars
if ($save_html)
// iconv functions does not have html target and can be used only with utf-8
if ( $use_php_iconv && $default_charset=='utf-8') {
$string = iconv($charset,$default_charset,$string);
- return ($save_html ? $string : htmlspecialchars($string));
+ return ($save_html ? $string : sm_encode_html_special_chars($string));
}
// If we don't use recode and iconv, we'll do it old way.
/* All HTML special characters are 7 bit and can be replaced first */
- if (! $save_html) $string = htmlspecialchars ($string);
+ if (! $save_html) $string = sm_encode_html_special_chars ($string);
/* controls cpu and memory intensive decoding cycles */
if (! isset($aggressive_decoding) || $aggressive_decoding=="" ) {
* @since 1.4.4 and 1.5.1
* @param string $string
* @param string $charset
- * @param boolean $htmlencode keep htmlspecialchars encoding
+ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding
* @return string
*/
function charset_encode($string,$charset,$htmlencode=true) {
* @param string $in_charset initial charset
* @param string $string string that has to be converted
* @param string $out_charset final charset
- * @param boolean $htmlencode keep htmlspecialchars encoding
+ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding
* @return string converted string
*/
function charset_convert($in_charset,$string,$out_charset,$htmlencode=true) {
$template_themes = $oTemplate->get_alternative_stylesheets(true);
asort($template_themes);
foreach ($template_themes as $sheet=>$name) {
- $theme_values[$sheet] = 'Template Theme - '.htmlspecialchars($name);
+ $theme_values[$sheet] = 'Template Theme - '.sm_encode_html_special_chars($name);
}
// Next, list user-provided styles
asort($user_themes);
foreach ($user_themes as $style) {
if ($style['PATH'] == 'none')
continue;
- $theme_values[$style['PATH']] = 'User Theme - '.htmlspecialchars($style['NAME']);
+ $theme_values[$style['PATH']] = 'User Theme - '.sm_encode_html_special_chars($style['NAME']);
}
if (count($user_themes) + count($template_themes) > 1) {
'caption' => _("E-mail Address"),
'type' => SMOPT_TYPE_COMMENT,
'refresh' => SMOPT_REFRESH_NONE,
- 'comment' => htmlspecialchars($email_address)
+ 'comment' => sm_encode_html_special_chars($email_address)
);
}
}
echo "<tr><td valign=\"top\">$name</td><td>"
."<textarea cols=\"$size\" rows=\"4\" name=\"adm_$n\">"
- .htmlspecialchars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
+ .sm_encode_html_special_chars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
."</textarea>";
if ( isset( $defcfg[$k]['comment'] ) ) {
echo ' ' . $defcfg[$k]['comment'];
}
echo "<tr><td>$name</td><td>"
."<input size=\"$size\" name=\"adm_$n\" value=\""
- .htmlspecialchars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
+ .sm_encode_html_special_chars(stripslashes(substr( $v, 1, strlen( $v ) - 2 )))
.'" />';
if ( isset( $defcfg[$k]['comment'] ) ) {
echo ' ' . $defcfg[$k]['comment'];
$calbar = $calendardata[$cdate][$calfoo['key']];
// FIXME: how to display multiline task
$title = '['. $calfoo['key']. '] ' .
- str_replace(array("\r","\n"),array(' ',' '),htmlspecialchars($calbar['message']));
+ str_replace(array("\r","\n"),array(' ',' '),sm_encode_html_special_chars($calbar['message']));
// FIXME: link to nowhere
echo "<a href=\"#\" style=\"text-decoration:none; color: "
.($calbar['priority']==1 ? $color[1] : $color[6])
- ."\" title=\"$title\">".htmlspecialchars($calbar['title'])."</a><br />\n";
+ ."\" title=\"$title\">".sm_encode_html_special_chars($calbar['title'])."</a><br />\n";
$i=$i+1;
if($i==2){
break;
* Plugin stores multiline texts converted to single line with PHP nl2br().
* Function undoes nl2br() conversion and html encoding of ASCII vertical bar.
*
- * Older plugin versions sanitized data with htmlspecialchars. Since 1.5.1 calendar
+ * Older plugin versions sanitized data with sm_encode_html_special_chars. Since 1.5.1 calendar
* data is not sanitized. Output functions must make sure that data is correctly
* encoded and sanitized.
* @param string $string calendar string
html_tag( 'td', date_intl(_("H:i"),mktime($ehour,$eminute,0,1,1,0)) . $elength, 'left' ) .
html_tag( 'td', '', 'left' ) . '[';
echo ($calbar['priority']==1) ?
- "<font color=\"$color[1]\">".htmlspecialchars($calbar['title']).'</font>' :
- htmlspecialchars($calbar['title']);
- echo'] <div style="margin-left:10px">'.nl2br(htmlspecialchars($calbar['message'])).'</div>' .
+ "<font color=\"$color[1]\">".sm_encode_html_special_chars($calbar['title']).'</font>' :
+ sm_encode_html_special_chars($calbar['title']);
+ echo'] <div style="margin-left:10px">'.nl2br(sm_encode_html_special_chars($calbar['message'])).'</div>' .
html_tag( 'td',
"<font size=\"-1\"><nobr>\n" .
"<a href=\"event_edit.php?year=$year&month=$month&day=$day&hour=".
) .
html_tag( 'tr',
html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', htmlspecialchars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
+ html_tag( 'td', sm_encode_html_special_chars($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
) .
html_tag( 'tr',
html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', nl2br(htmlspecialchars($event_text,ENT_NOQUOTES)), 'left', $color[4] ) . "\n"
+ html_tag( 'td', nl2br(sm_encode_html_special_chars($event_text,ENT_NOQUOTES)), 'left', $color[4] ) . "\n"
) .
html_tag( 'tr',
html_tag( 'td',
) .
html_tag( 'tr',
html_tag( 'td', _("Title:"), 'right', $color[4] ) .
- html_tag( 'td', htmlspecialchars($tmparray['title']), 'left', $color[4] )
+ html_tag( 'td', sm_encode_html_special_chars($tmparray['title']), 'left', $color[4] )
) .
html_tag( 'tr',
html_tag( 'td', _("Message:"), 'right', $color[4] ) .
- html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])), 'left', $color[4] )
+ html_tag( 'td', nl2br(sm_encode_html_special_chars($tmparray['message'])), 'left', $color[4] )
) .
html_tag( 'tr',
html_tag( 'td',
) .
html_tag( 'tr',
html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', htmlspecialchars($tmparray['title']) , 'left', $color[4] ) ."\n"
+ html_tag( 'td', sm_encode_html_special_chars($tmparray['title']) , 'left', $color[4] ) ."\n"
) .
html_tag( 'tr',
html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])) , 'left', $color[4] ) ."\n"
+ html_tag( 'td', nl2br(sm_encode_html_special_chars($tmparray['message'])) , 'left', $color[4] ) ."\n"
) .
html_tag( 'tr',
html_tag( 'th', _("to:") . "<br />\n", '', $color[4], 'colspan="2"' ) ."\n"
) .
html_tag( 'tr',
html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', htmlspecialchars($event_title) , 'left', $color[4] ) ."\n"
+ html_tag( 'td', sm_encode_html_special_chars($event_title) , 'left', $color[4] ) ."\n"
) .
html_tag( 'tr',
html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', nl2br(htmlspecialchars($event_text)) , 'left', $color[4] ) ."\n"
+ html_tag( 'td', nl2br(sm_encode_html_special_chars($event_text)) , 'left', $color[4] ) ."\n"
) .
html_tag( 'tr',
html_tag( 'td',
break;
default:
array_push($msgs,sprintf(_("Unsupported crypto: %s"),
- (is_string($ldap_crypto) ? htmlspecialchars($ldap_crypto) : _("unknown"))));
+ (is_string($ldap_crypto) ? sm_encode_html_special_chars($ldap_crypto) : _("unknown"))));
}
return $ret;
}
// connect to database and make sure that table exists
$cpw_db = DB::connect($cpw_peardb_dsn, $cpw_peardb_connect_opts);
if (PEAR::isError($cpw_db)) {
- array_push($msgs,sprintf(_("Connection error: %s"),htmlspecialchars($cpw_db->getMessage())));
+ array_push($msgs,sprintf(_("Connection error: %s"),sm_encode_html_special_chars($cpw_db->getMessage())));
if ($cpw_peardb_debug)
- array_push($msgs,htmlspecialchars($cpw_db->getuserinfo()));
+ array_push($msgs,sm_encode_html_special_chars($cpw_db->getuserinfo()));
return $msgs;
}
// get table information
$table_info = $cpw_db->tableinfo($cpw_peardb_table);
if (PEAR::isError($table_info)) {
- array_push($msgs,sprintf(_("Invalid table name: %s"),htmlspecialchars($cpw_peardb_table)));
+ array_push($msgs,sprintf(_("Invalid table name: %s"),sm_encode_html_special_chars($cpw_peardb_table)));
$cpw_db->disconnect();
return $msgs;
}
'');
$cpw_res=$cpw_db->query($query);
if (PEAR::isError($cpw_res)) {
- array_push($msgs,sprintf(_("Query failed: %s"),htmlspecialchars($cpw_res->getMessage())));
+ array_push($msgs,sprintf(_("Query failed: %s"),sm_encode_html_special_chars($cpw_res->getMessage())));
$cpw_db->disconnect();
return $msgs;
}
// check for update error
if (PEAR::isError($cpw_res)) {
- array_push($msgs,sprintf(_("Unable to set new password: %s"),htmlspecialchars($cpw_res->getMessage())));
+ array_push($msgs,sprintf(_("Unable to set new password: %s"),sm_encode_html_special_chars($cpw_res->getMessage())));
}
// close database connection
$ret = $password;
break;
default:
- array_push($msgs,sprintf(_("Unsupported crypto: %s"),htmlspecialchars($crypto)));
+ array_push($msgs,sprintf(_("Unsupported crypto: %s"),sm_encode_html_special_chars($crypto)));
}
return $ret;
}
if (isset($Messages) && count($Messages) > 0) {
echo "<tr><td>\n";
foreach ($Messages as $line) {
- echo htmlspecialchars($line) . "<br />\n";
+ echo sm_encode_html_special_chars($line) . "<br />\n";
}
echo "</td></tr>\n";
}
html_tag( 'td', '', 'left' ) .
'<input type="text" size="32" name="filter_what" value="';
if (isset($filters[$theid]['what'])) {
- echo htmlspecialchars($filters[$theid]['what']);
+ echo sm_encode_html_special_chars($filters[$theid]['what']);
}
echo '" />'.
'</td>'.
printf( _("If %s contains %s then move to %s"),
'<b>'.$filters[$i]['where'].'</b>',
'<b>'.$filters[$i]['what'].'</b>',
- '<b>'.htmlspecialchars(imap_utf7_decode_local($fdr)).'</b>');
+ '<b>'.sm_encode_html_special_chars(imap_utf7_decode_local($fdr)).'</b>');
echo '</td></tr>';
}
echo html_tag( 'p', '', 'center' ) .
'[<a href="spamoptions.php?action=spam">' . _("Edit") . '</a>]' .
' - [<a href="../../src/options.php">' . _("Done") . '</a>]</div><br /><br />';
- printf( _("Spam is sent to %s."), ($filters_spam_folder?'<b>'.htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not set yet").'</i>]' ) );
+ printf( _("Spam is sent to %s."), ($filters_spam_folder?'<b>'.sm_encode_html_special_chars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not set yet").'</i>]' ) );
echo '<br />';
printf( _("Spam scan is limited to %s."), '<b>' . ( ($filters_spam_scan == 'new')?_("Unread messages only"):_("All messages") ) . '</b>' );
echo '</p>'.
}
$oTemplate->assign('color', $color);
- $oTemplate->assign('fortune', htmlspecialchars($fortune));
+ $oTemplate->assign('fortune', sm_encode_html_special_chars($fortune));
$output = $oTemplate->fetch('plugins/fortune/mailbox_index_before.tpl');
return array('mailbox_index_before' => $output);
* @access private
*/
function imap_test($imap_stream, $string) {
- print "<tr><td>".htmlspecialchars($string)."</td></tr>";
+ print "<tr><td>".sm_encode_html_special_chars($string)."</td></tr>";
$response = sqimap_run_command_list($imap_stream, trim($string),false, $responses, $message,false);
array_push($response, $responses . ' ' .$message);
return $response;
print_response($value);
}
else {
- print htmlspecialchars($value)."<br />\n";
+ print sm_encode_html_special_chars($value)."<br />\n";
}
}
}
"</b><br />\n";
foreach($caps_array[0] as $value) {
- echo htmlspecialchars($value);
+ echo sm_encode_html_special_chars($value);
}
echo "</td></tr><tr><td>\n";
}
}
else {
- echo 'folder_prefix = ' . htmlspecialchars($folder_prefix)."<br />\n" .
- 'default_charset = '.htmlspecialchars($default_charset)."\n";
+ echo 'folder_prefix = ' . sm_encode_html_special_chars($folder_prefix)."<br />\n" .
+ 'default_charset = '.sm_encode_html_special_chars($default_charset)."\n";
}
echo "<br /></td></tr></table><br />\n";
$out_string = _("This will send a message to %s requesting that you will be unsubscribed from this list. It will try to unsubscribe the adress below.");
break;
default:
- error_box(sprintf(_("Unknown action: %s"),htmlspecialchars($action)));
+ error_box(sprintf(_("Unknown action: %s"),sm_encode_html_special_chars($action)));
// display footer (closes html tags) and stop script execution
$oTemplate->display('footer.tpl');
exit;
}
-$out_string = sprintf($out_string, '"' . htmlspecialchars($send_to) . '"');
+$out_string = sprintf($out_string, '"' . sm_encode_html_special_chars($send_to) . '"');
$idents = get_identities();
$fieldsdescr = listcommands_fieldsdescr();
$fielddescr = $fieldsdescr[$action];
foreach($idents as $nr=>$data) {
echo '<option value="' . $nr . '">' .
- htmlspecialchars(
+ sm_encode_html_special_chars(
$data['full_name'].' <'.
$data['email_address'] . '>') .
"</option>\n";
} else {
echo _("From:");
- echo htmlspecialchars($idents[0]['full_name'].' <'.$idents[0]['email_address'].'>');
+ echo sm_encode_html_special_chars($idents[0]['full_name'].' <'.$idents[0]['email_address'].'>');
}
?>
<br /><br />
-<input type="hidden" name="send_to" value="<?php echo htmlspecialchars($send_to); ?>" />
-<input type="hidden" name="subject" value="<?php echo htmlspecialchars($subject); ?>" />
-<input type="hidden" name="body" value="<?php echo htmlspecialchars($body); ?>" />
-<input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox); ?>" />
+<input type="hidden" name="send_to" value="<?php echo sm_encode_html_special_chars($send_to); ?>" />
+<input type="hidden" name="subject" value="<?php echo sm_encode_html_special_chars($subject); ?>" />
+<input type="hidden" name="body" value="<?php echo sm_encode_html_special_chars($body); ?>" />
+<input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox); ?>" />
<input type="submit" name="send1" value="<?php echo _("Send Mail"); ?>" />
<br />
</form>
function Mail_Fetch_Status($msg) {
echo html_tag( 'table',
html_tag( 'tr',
- html_tag( 'td', htmlspecialchars( $msg ) , 'left' )
+ html_tag( 'td', sm_encode_html_special_chars( $msg ) , 'left' )
),
'', '', 'width="90%"' );
flush();
'<option value="all" selected="selected">..' . _("All") . "...\n";
for ($i = 0;$i < $mailfetch['server_number'];$i++) {
echo "<option value=\"$i\">" .
- htmlspecialchars($mailfetch[$i]['alias']) .
+ sm_encode_html_special_chars($mailfetch[$i]['alias']) .
'</option>' . "\n";
}
echo '</select>' .
if ($mailfetch[$i]['pass'] == '') {
echo html_tag( 'tr',
html_tag( 'td', _("Password for") . ' <b>' .
- htmlspecialchars($mailfetch[$i]['alias']) .
+ sm_encode_html_special_chars($mailfetch[$i]['alias']) .
'</b>: ',
'right' ) .
html_tag( 'td', '<input type="password" name="pass_' . $i . '" />', 'left' )
html_tag( 'tr',
html_tag( 'td', '<b>' .
sprintf(_("Fetching from %s"),
- htmlspecialchars($mailfetch[$i_loop]['alias'])) .
+ sm_encode_html_special_chars($mailfetch[$i_loop]['alias'])) .
'</b>',
'center' ) ,
'', $color[9] ) ,
/* log into pop server*/
if (! $pop3->login($mailfetch_user, $mailfetch_pass)) {
- Mail_Fetch_Status(_("Login Failed:") . ' ' . htmlspecialchars($pop3->error));
+ Mail_Fetch_Status(_("Login Failed:") . ' ' . sm_encode_html_special_chars($pop3->error));
continue;
}
$aMsgStat = $pop3->command_stat();
if (is_bool($aMsgStat)) {
- Mail_Fetch_Status(_("Can't get mailbox status:") . ' ' . htmlspecialchars($pop3->error) );
+ Mail_Fetch_Status(_("Can't get mailbox status:") . ' ' . sm_encode_html_special_chars($pop3->error) );
continue;
}
Mail_Fetch_Status(_("Fetching UIDL..."));
$msglist = $pop3->command_uidl();
if (is_bool($msglist)) {
- Mail_Fetch_Status(_("Server does not support UIDL.") . ' '.htmlspecialchars($pop3->error));
+ Mail_Fetch_Status(_("Server does not support UIDL.") . ' '.sm_encode_html_special_chars($pop3->error));
// User asked to leave messages on server, but we can't do that.
$pop3->command_quit();
continue;
$Message = $pop3->command_retr($i);
if (is_bool($Message)) {
- Mail_Fetch_Status(htmlspecialchars($pop3->error));
+ Mail_Fetch_Status(sm_encode_html_special_chars($pop3->error));
continue;
}
$response=(implode('',$response));
$message=(implode('',$message));
if ($response != 'OK') {
- Mail_Fetch_Status(_("Error Appending Message!")." ".htmlspecialchars($message) );
+ Mail_Fetch_Status(_("Error Appending Message!")." ".sm_encode_html_special_chars($message) );
Mail_Fetch_Status(_("Closing POP"));
$pop3->command_quit();
Mail_Fetch_Status(_("Logging out from IMAP"));
if( $pop3->command_dele($i) ) {
Mail_Fetch_Status(sprintf(_("Message %d deleted from remote server!"), $i));
} else {
- Mail_Fetch_Status(_("Delete failed:") . htmlspecialchars($pop3->error) );
+ Mail_Fetch_Status(_("Delete failed:") . sm_encode_html_special_chars($pop3->error) );
}
}
} else {
$aMsgStat = $pop3->command_stat();
if (is_bool($aMsgStat)) {
- $outMsg .= _("Can't get mailbox status:") . ' ' . htmlspecialchars($pop3->error);
+ $outMsg .= _("Can't get mailbox status:") . ' ' . sm_encode_html_special_chars($pop3->error);
continue;
}
if ($mailfetch_lmos == 'on') {
$msglist = $pop3->command_uidl();
if (is_bool($msglist)) {
- $outMsg .= _("Server does not support UIDL.") . ' '.htmlspecialchars($pop3->error);
+ $outMsg .= _("Server does not support UIDL.") . ' '.sm_encode_html_special_chars($pop3->error);
// User asked to leave messages on server, but we can't do that.
$pop3->command_quit();
continue;
$Message = $pop3->command_retr($i);
if (is_bool($Message)) {
- $outMsg .= _("Warning:") . ' ' . htmlspecialchars($pop3->error);
+ $outMsg .= _("Warning:") . ' ' . sm_encode_html_special_chars($pop3->error);
continue;
}
$response=(implode('',$response));
$message=(implode('',$message));
if ($response != 'OK') {
- $outMsg .= _("Error Appending Message!")." ".htmlspecialchars($message);
+ $outMsg .= _("Error Appending Message!")." ".sm_encode_html_special_chars($message);
if ($mailfetch_lmos == 'on') {
setPref($data_dir,$username,"mailfetch_uidl_$i_loop", $msglist[$i-1]);
echo '<b>' . _("Server Name:") . '</b> <select name="mf_sn">';
for ($i=0;$i<$mailfetch_server_number;$i++) {
echo "<option value=\"$i\">" .
- htmlspecialchars( (($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . "</option>";
+ sm_encode_html_special_chars( (($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . "</option>";
}
echo '</select>'.
' <input type="submit" name="mf_action_mod" value="' . _("Modify") . '" />'.
html_tag( 'td',
"<input type=\"hidden\" name=\"mf_sn\" value=\"$mf_sn\" />" .
'<input type="hidden" name="mf_action" value="confirm_delete" />' .
- '<br />' . _("Selected Server:") . " <b>" . htmlspecialchars($mailfetch_server_[$mf_sn]) . "</b><br />" .
+ '<br />' . _("Selected Server:") . " <b>" . sm_encode_html_special_chars($mailfetch_server_[$mf_sn]) . "</b><br />" .
_("Confirm delete of selected server?") . '<br /><br />' .
'<input type="submit" name="submit_mailfetch" value="' . _("Confirm Delete") . '" />' .
'<br /></form>' ,
html_tag( 'tr',
html_tag( 'th', _("Server:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_server" value="' .
- htmlspecialchars($mailfetch_server_[$mf_sn]) . '" size="40" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_server_[$mf_sn]) . '" size="40" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Port:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_port" value="' .
- htmlspecialchars($mailfetch_port_[$mf_sn]) . '" size="40" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_port_[$mf_sn]) . '" size="40" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Alias:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_alias" value="' .
- htmlspecialchars($mailfetch_alias_[$mf_sn]) . '" size="40" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_alias_[$mf_sn]) . '" size="40" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Username:"), 'right' ) .
html_tag( 'td', '<input type="text" name="mf_user" value="' .
- htmlspecialchars($mailfetch_user_[$mf_sn]) . '" size="20" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_user_[$mf_sn]) . '" size="20" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Password:"), 'right' ) .
html_tag( 'td', '<input type="password" name="mf_pass" value="' .
- htmlspecialchars($mailfetch_pass_[$mf_sn]) . '" size="20" />', 'left' )
+ sm_encode_html_special_chars($mailfetch_pass_[$mf_sn]) . '" size="20" />', 'left' )
) .
html_tag( 'tr',
html_tag( 'th', _("Authentication type:"), 'right' ) .
$entities["$entStr"]['contenttype']=$reg[2].'/'.$reg[3];
}
} else if (!$nameset && preg_match("/^.*(name=\s*)\"(.*)\".*/i",$line,$reg)) {
- $name = htmlspecialchars($reg[2]);
+ $name = sm_encode_html_special_chars($reg[2]);
$content[$content_indx]['name'] = decodeHeader($name);
$nameset = true;
if (isset($entities["$entStr"])) {
if ($stripHTML) {
$message_body .= $line . "\r\n";
} else {
- $line = htmlspecialchars($line);
+ $line = sm_encode_html_special_chars($line);
if ($msgd_8bit_in_hex) $line = msgd_convert_to_hex($line);
$message_body .= "$pre"."$line"."$end"."\r\n";
}
/**
* Converts media attributes to string
* Warning:
- * * attribute values are automatically sanitized by htmlspecialchars()
+ * * attribute values are automatically sanitized by sm_encode_html_special_chars()
* * This is internal function, use newmail_media_objects() instead
* @param array $args array with object attributes
* @return string string with object attributes
function newmail_media_prepare_args($args) {
$ret_args='';
foreach ($args as $arg => $value) {
- $ret_args.= $arg . '="' . htmlspecialchars($value) . '" ';
+ $ret_args.= $arg . '="' . sm_encode_html_special_chars($value) . '" ';
}
return $ret_args;
}
if ($entry == $newmail_media) {
echo 'selected="selected" ';
}
- echo 'value="' . htmlspecialchars($entry) . '">' .
- htmlspecialchars($entry) . "</option>\n";
+ echo 'value="' . sm_encode_html_special_chars($entry) . '">' .
+ sm_encode_html_special_chars($entry) . "</option>\n";
}
}
$d->close();
echo 'selected="selected" ';
}
echo 'value="mmedia_' . $newmail_mm_name . '">'
- .htmlspecialchars($newmail_mm_name) . "</option>\n";
+ .sm_encode_html_special_chars($newmail_mm_name) . "</option>\n";
}
if($newmail_uploadsounds) {
// display currently uploaded file information
echo html_tag('tr')
. html_tag('td',_("Uploaded Media File:"),'right','','style="white-space: nowrap;"')
- . html_tag('td',($newmail_userfile_name!='' ? htmlspecialchars($newmail_userfile_name) : _("unavailable")))
+ . html_tag('td',($newmail_userfile_name!='' ? sm_encode_html_special_chars($newmail_userfile_name) : _("unavailable")))
."</tr>\n";
if ($newmail_userfile_name!='') {
echo html_tag( 'tr', "\n" .
html_tag( 'td', _("Current File:"), 'right', '', 'style="white-space: nowrap;"' ) .
html_tag( 'td', '<input type="hidden" value="' .
- htmlspecialchars($newmail_media) . '" name="media_default" />' .
- htmlspecialchars($media_output) . '', 'left' )
+ sm_encode_html_special_chars($newmail_media) . '" name="media_default" />' .
+ sm_encode_html_special_chars($media_output) . '', 'left' )
) . "\n";
}
echo html_tag( 'tr', "\n" .
'<small>(' . _("see below") . ')</small>','right','','valign="top"');
?>
<td valign="top"><form method="post" action="options.php">
- <input type="text" size="30" name="ID" value="<?php echo htmlspecialchars($spamcop_id) ?>" />
+ <input type="text" size="30" name="ID" value="<?php echo sm_encode_html_special_chars($spamcop_id) ?>" />
<input type="hidden" name="action" value="save_id" />
<?php
echo '<input type="submit" value="' . _("Save ID") . "\" />\n";
echo '<input type="button" value="' . _("Close Window") . "\" onclick=\"window.close(); return true;\" />\n";
} else {
?><form method="post" action="<?php echo sqm_baseuri(); ?>src/right_main.php">
- <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) ?>" />
- <input type="hidden" name="startMessage" value="<?php echo htmlspecialchars($startMessage) ?>" />
+ <input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+ <input type="hidden" name="startMessage" value="<?php echo sm_encode_html_special_chars($startMessage) ?>" />
<?php
echo '<input type="submit" value="' . _("Cancel / Done") . "\" />";
}
$form_action = sqm_baseuri() . 'src/compose.php';
?> <form method="post" action="<?php echo $form_action?>">
<input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() ?>" />
- <input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) ?>" />
- <input type="hidden" name="spamcop_is_composing" value="<?php echo htmlspecialchars($passed_id) ?>" />
- <input type="hidden" name="send_to" value="<?php echo htmlspecialchars($report_email)?>" />
+ <input type="hidden" name="mailbox" value="<?php echo sm_encode_html_special_chars($mailbox) ?>" />
+ <input type="hidden" name="spamcop_is_composing" value="<?php echo sm_encode_html_special_chars($passed_id) ?>" />
+ <input type="hidden" name="send_to" value="<?php echo sm_encode_html_special_chars($report_email)?>" />
<input type="hidden" name="subject" value="reply anyway" />
<input type="hidden" name="identity" value="0" />
<input type="hidden" name="session" value="<?php echo $session?>" />
} ?>
<input type="hidden" name="action" value="submit" />
<input type="hidden" name="oldverbose" value="1" />
- <input type="hidden" name="spam" value="<?php echo htmlspecialchars($spam_message); ?>" />
+ <input type="hidden" name="spam" value="<?php echo sm_encode_html_special_chars($spam_message); ?>" />
<?php
echo '<input type="submit" name="x1" value="' . _("Send Spam Report") . "\" />\n";
}
*/
if (!empty($check->error)) {
$msg= '<div style="text-align: center;">'
- . nl2br(htmlspecialchars($check->error))
+ . nl2br(sm_encode_html_special_chars($check->error))
. '<form onsubmit="return false">'
. '<input type="submit" value=" ' . _("Close")
. ' " onclick="self.close()" /></form></div>';
*/
if (!empty($check->error)) {
$msg= '<div style="text-align: center;">'
- . nl2br(htmlspecialchars($check->error))
+ . nl2br(sm_encode_html_special_chars($check->error))
. '<form onsubmit="return false">'
. '<input type="submit" value=" ' . _("Close")
. ' " onclick="self.close()" /></form></div>';
}
} else {
if (!empty($check->error)) {
- $error_msg = nl2br(htmlspecialchars($check->error));
+ $error_msg = nl2br(sm_encode_html_special_chars($check->error));
} else {
$error_msg = _("Unknown error");
}
$msg .= "</td><td valign=\"top\">\n";
}
$msg .= "<input type=\"checkbox\" name=\"words_ary[]\" "
- . 'value="'.htmlspecialchars($lang_words[$j]). '" id="words_ary_'
+ . 'value="'.sm_encode_html_special_chars($lang_words[$j]). '" id="words_ary_'
. $j . '" /> <label for="words_ary_' . $j .'">'
- . htmlspecialchars($lang_words[$j]) . "</label><br />\n";
+ . sm_encode_html_special_chars($lang_words[$j]) . "</label><br />\n";
}
$msg .= '</td></tr></table></td></tr>'
. "<tr bgcolor=\"$color[0]\" align=\"center\"><td>"
// print list of deleted words
foreach ($words_ary as $deleted_word) {
- $msg.= '<li>'.htmlspecialchars($deleted_word)."</li>\n";
+ $msg.= '<li>'.sm_encode_html_special_chars($deleted_word)."</li>\n";
}
// rebuild dictionary
if (sizeof($new_langs)>1) {
$dsp_string = '';
foreach( $new_langs as $a) {
- $dsp_string .= _(htmlspecialchars(trim($a))) . _(", ");
+ $dsp_string .= _(sm_encode_html_special_chars(trim($a))) . _(", ");
}
// remove last comma and space
$dsp_string = substr( $dsp_string, 0, -2 );
// make sure that you don't use html codes in language name translations
$msg = '<p>'
. sprintf(_("Settings adjusted to: %s with %s as default dictionary."),
- '<strong>'.htmlspecialchars($dsp_string).'</strong>',
- '<strong>'.htmlspecialchars(_($lang_default)).'</strong>')
+ '<strong>'.sm_encode_html_special_chars($dsp_string).'</strong>',
+ '<strong>'.sm_encode_html_special_chars(_($lang_default)).'</strong>')
. '</p>';
} else {
/**
* Only one dictionary is selected.
*/
$msg = '<p>'
- . sprintf(_("Using %s dictionary for spellcheck." ), '<strong>'.htmlspecialchars(_($new_langs[0])).'</strong>')
+ . sprintf(_("Using %s dictionary for spellcheck." ), '<strong>'.sm_encode_html_special_chars(_($new_langs[0])).'</strong>')
. '</p>';
}
. _("SquirrelSpell was unable to decrypt your personal dictionary. This is most likely due to the fact that you have changed your mailbox password. In order to proceed, you will have to supply your old password so that SquirrelSpell can decrypt your personal dictionary. It will be re-encrypted with your new password after this. If you haven't encrypted your dictionary, then it got mangled and is no longer valid. You will have to delete it and start anew. This is also true if you don't remember your old password -- without it, the encrypted data is no longer accessible.") ,
'left' ) . "\n"
. (($lang) ? html_tag('p',sprintf(_("Your %s dictionary is encrypted with password that differs from your current password."),
- htmlspecialchars($lang)),'left') : '')
+ sm_encode_html_special_chars($lang)),'left') : '')
. '<blockquote>' . "\n"
. '<form method="post" onsubmit="return AYS()">' . "\n"
. '<input type="hidden" name="MOD" value="crypto_badkey" />' . "\n"
. (($lang) ?
- '<input type="hidden" name="dict_lang" value="'.htmlspecialchars($lang).'" />' :
+ '<input type="hidden" name="dict_lang" value="'.sm_encode_html_special_chars($lang).'" />' :
'<input type="hidden" name="old_setup" value="yes" />')
. html_tag( 'p', "\n" .
'<input type="checkbox" name="delete_words" value="ON" id="delete_words" />'
}
if (! is_null($charset))
- echo ' accept-charset="'.htmlspecialchars($charset).'"';
+ echo ' accept-charset="'.sm_encode_html_special_chars($charset).'"';
echo ">\n";
/* Empty search */
if (empty($query) && empty($show) && !isset($listall)) {
- $oTemplate->assign('note', htmlspecialchars(_("No persons matching your search were found")));
+ $oTemplate->assign('note', sm_encode_html_special_chars(_("No persons matching your search were found")));
$oTemplate->display('note.tpl');
# exit;
}
}
if (!is_array($res)) {
- plain_error_message( _("Your search failed with the following error(s)") .':<br />'. nl2br(htmlspecialchars($abook->error)) );
+ plain_error_message( _("Your search failed with the following error(s)") .':<br />'. nl2br(sm_encode_html_special_chars($abook->error)) );
} elseif (sizeof($res) == 0) {
$oTemplate->assign('note', _("No persons matching your search were found"));
$oTemplate->display('note.tpl');
}
if (!is_array($res)) {
- plain_error_message(_("Your search failed with the following error(s)") .':<br />'. nl2br(htmlspecialchars($abook->error)));
+ plain_error_message(_("Your search failed with the following error(s)") .':<br />'. nl2br(sm_encode_html_special_chars($abook->error)));
} elseif (sizeof($res) == 0) {
$oTemplate->assign('note', _("No persons matching your search were found"));
$oTemplate->display('note.tpl');
$olddata = $abook->lookup($enick, $ebackend);
// Test if $olddata really contains anything and return an error message if it doesn't
if (!$olddata) {
- error_box(nl2br(htmlspecialchars($abook->error)));
+ error_box(nl2br(sm_encode_html_special_chars($abook->error)));
} else {
/* Display the "new address" form */
echo abook_create_form($form_url, 'editaddr',
/* Handle error messages */
if (!$r) {
/* Display error */
- plain_error_message( nl2br(htmlspecialchars($abook->error)));
+ plain_error_message( nl2br(sm_encode_html_special_chars($abook->error)));
/* Display the "new address" form again */
echo abook_create_form($form_url, 'editaddr',
/* Display error messages */
if (!empty($formerror)) {
- plain_error_message(nl2br(htmlspecialchars($formerror)));
+ plain_error_message(nl2br(sm_encode_html_special_chars($formerror)));
}
$addresses[$backend->bnum] = $a;
} else {
// list_addr() returns boolean
- plain_error_message(nl2br(htmlspecialchars($abook->error)));
+ plain_error_message(nl2br(sm_encode_html_special_chars($abook->error)));
}
} else {
$addresses[$backend->bnum] = $a;
$oTemplate->assign('identity_def', $identity);
$oTemplate->assign('input_onfocus', 'onfocus="'.join(' ', $onfocus_array).'"');
- $oTemplate->assign('to', htmlspecialchars($send_to));
- $oTemplate->assign('cc', htmlspecialchars($send_to_cc));
- $oTemplate->assign('bcc', htmlspecialchars($send_to_bcc));
- $oTemplate->assign('subject', htmlspecialchars($subject));
+ $oTemplate->assign('to', sm_encode_html_special_chars($send_to));
+ $oTemplate->assign('cc', sm_encode_html_special_chars($send_to_cc));
+ $oTemplate->assign('bcc', sm_encode_html_special_chars($send_to_bcc));
+ $oTemplate->assign('subject', sm_encode_html_special_chars($subject));
// access keys...
//
} else {
$body_str = "\n\n".($prefix_sig==true? "-- \n":'').decodeHeader($signature,false,false);
}
- $body_str .= "\n\n".htmlspecialchars(decodeHeader($body,false,false));
+ $body_str .= "\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false));
} else {
- $body_str = "\n\n".htmlspecialchars(decodeHeader($body,false,false));
+ $body_str = "\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false));
// FIXME: test is specific to ja_JP translation implementation. See above comments.
if ($default_charset == 'iso-2022-jp') {
$body_str .= "\n\n".($prefix_sig==true? "-- \n":'').mb_convert_encoding($signature, 'EUC-JP');
}
}
} else {
- $body_str = htmlspecialchars(decodeHeader($body,false,false));
+ $body_str = sm_encode_html_special_chars(decodeHeader($body,false,false));
}
$oTemplate->assign('editor_width', (int)$editor_size);
$composeMessage->purgeAttachments();
return $success;
} else {
- $msg = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), htmlspecialchars($draft_folder));
+ $msg = '<br />'.sprintf(_("Error: Draft folder %s does not exist."), sm_encode_html_special_chars($draft_folder));
plain_error_message($msg);
return false;
}
$msg .= '<br />'
. _("Server replied:") . ' '
. (isset($deliver->dlv_ret_nr) ? $deliver->dlv_ret_nr . ' ' : '')
- . nl2br(htmlspecialchars($deliver->dlv_server_msg));
+ . nl2br(sm_encode_html_special_chars($deliver->dlv_server_msg));
}
plain_error_message($msg);
} else {
|| strpos($variables_order, 'P') === FALSE
|| strpos($variables_order, 'C') === FALSE
|| strpos($variables_order, 'S') === FALSE) {
- do_err('Your variables_order setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but you have it set to "' . htmlspecialchars($variables_order) . '"', true);
+ do_err('Your variables_order setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but you have it set to "' . sm_encode_html_special_chars($variables_order) . '"', true);
} else {
echo $IND . "variables_order OK: $variables_order.<br />\n";
}
else if (strpos($gpc_order, 'G') === FALSE
|| strpos($gpc_order, 'P') === FALSE
|| strpos($gpc_order, 'C') === FALSE) {
- do_err('Your gpc_order setting is insufficient for SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . htmlspecialchars($gpc_order) . '"', true);
+ do_err('Your gpc_order setting is insufficient for SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . sm_encode_html_special_chars($gpc_order) . '"', true);
} else {
echo $IND . "gpc_order OK: $gpc_order.<br />\n";
}
// if plugin outputs more than newlines and spacing, stop script execution.
if (!empty($output)) {
- $plugin_load_error = 'Some output was produced when plugin <i>' . $name . '</i> was loaded. Usually this means there is an error in the plugin\'s setup or configuration file. The output was: '.htmlspecialchars($output);
+ $plugin_load_error = 'Some output was produced when plugin <i>' . $name . '</i> was loaded. Usually this means there is an error in the plugin\'s setup or configuration file. The output was: '.sm_encode_html_special_chars($output);
do_err($plugin_load_error);
}
}
echo $IND . "Default language OK.<br />\n";
}
-echo $IND . "Base URL detected as: <tt>" . htmlspecialchars($test_location) .
+echo $IND . "Base URL detected as: <tt>" . sm_encode_html_special_chars($test_location) .
"</tt> (location base " . (empty($config_location_base) ? 'autodetected' : 'set to <tt>' .
- htmlspecialchars($config_location_base)."</tt>") . ")<br />\n";
+ sm_encode_html_special_chars($config_location_base)."</tt>") . ")<br />\n";
/* check minimal requirements for other security options */
$errorNumber, $errorString);
if(!$stream) {
do_err("Error connecting to SMTP server \"$smtpServerAddress:$smtpPort\".".
- "Server error: ($errorNumber) ".htmlspecialchars($errorString));
+ "Server error: ($errorNumber) ".sm_encode_html_special_chars($errorString));
}
// check for SMTP code; should be 2xx to allow us access
$smtpline = fgets($stream, 1024);
if(((int) $smtpline{0}) > 3) {
do_err("Error connecting to SMTP server. Server error: ".
- htmlspecialchars($smtpline));
+ sm_encode_html_special_chars($smtpline));
}
/* smtp starttls checks */
$starttls_response=fgets($stream, 1024);
if ($starttls_response[0]!=2) {
$starttls_cmd_err = 'SMTP STARTTLS failed. Server replied: '
- .htmlspecialchars($starttls_response);
+ .sm_encode_html_special_chars($starttls_response);
do_err($starttls_cmd_err);
} elseif(! stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
do_err('Failed to enable encryption on SMTP STARTTLS connection.');
fputs($stream, 'QUIT');
fclose($stream);
echo $IND . 'SMTP server OK (<tt><small>'.
- trim(htmlspecialchars($smtpline))."</small></tt>)<br />\n";
+ trim(sm_encode_html_special_chars($smtpline))."</small></tt>)<br />\n";
/* POP before SMTP */
if($pop_before_smtp) {
$stream = fsockopen($pop_before_smtp_host, 110, $err_no, $err_str);
if (!$stream) {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110) "
- . $err_no . ' : ' . htmlspecialchars($err_str));
+ . $err_no . ' : ' . sm_encode_html_special_chars($err_str));
}
$tmp = fgets($stream, 1024);
if (substr($tmp, 0, 3) != '+OK') {
do_err("Error connecting to POP Server ($pop_before_smtp_host:110)"
- . ' '.htmlspecialchars($tmp));
+ . ' '.sm_encode_html_special_chars($tmp));
}
fputs($stream, 'QUIT');
fclose($stream);
if(!$stream) {
do_err("Error connecting to IMAP server \"$imapServerAddress:$imapPort\".".
"Server error: ($errorNumber) ".
- htmlspecialchars($errorString));
+ sm_encode_html_special_chars($errorString));
}
/** Is the first response 'OK'? */
$imapline = fgets($stream, 1024);
if(substr($imapline, 0,4) != '* OK') {
do_err('Error connecting to IMAP server. Server error: '.
- htmlspecialchars($imapline));
+ sm_encode_html_special_chars($imapline));
}
echo $IND . 'IMAP server ready (<tt><small>'.
- htmlspecialchars(trim($imapline))."</small></tt>)<br />\n";
+ sm_encode_html_special_chars(trim($imapline))."</small></tt>)<br />\n";
/** Check capabilities */
fputs($stream, "A001 CAPABILITY\r\n");
$starttls_line=fgets($stream, 1024);
if (! preg_match("/^A002 OK.*/i",$starttls_line)) {
$imap_starttls_err = 'IMAP STARTTLS failed. Server replied: '
- .htmlspecialchars($starttls_line);
+ .sm_encode_html_special_chars($starttls_line);
do_err($imap_starttls_err);
} elseif (! stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
do_err('Failed to enable encryption on IMAP connection.');
}
}
-echo $IND . 'Capabilities: <tt>'.htmlspecialchars($capline)."</tt><br />\n";
+echo $IND . 'Capabilities: <tt>'.sm_encode_html_special_chars($capline)."</tt><br />\n";
if($imap_auth_mech == 'login' && stristr($capline, 'LOGINDISABLED') !== FALSE) {
do_err('Your server doesn\'t allow plaintext logins. '.
$display_locale = $setlocale;
$locale_count = 1;
}
- $tested_locales_msg = 'Tested '.htmlspecialchars($display_locale).' '
+ $tested_locales_msg = 'Tested '.sm_encode_html_special_chars($display_locale).' '
.($locale_count>1 ? 'locales':'locale'). '.';
echo $IND . $IND .$IND . $lang_data['NAME'].' (' .$lang_code. ') - ';
} else {
echo 'supported. '
.$tested_locales_msg
- .' setlocale() returned "'.htmlspecialchars($retlocale).'"';
+ .' setlocale() returned "'.sm_encode_html_special_chars($retlocale).'"';
}
echo "<br />\n";
}
echo "Webmail users can't change their time zone settings. \n";
}
if (isset($_ENV['TZ'])) {
- echo 'Default time zone is '.htmlspecialchars($_ENV['TZ']);
+ echo 'Default time zone is '.sm_encode_html_special_chars($_ENV['TZ']);
} else {
echo 'Current time zone is '.date('T');
}
$dbh = DB::connect($dsn, true);
if (DB::isError($dbh)) {
- do_err('Database error: '. htmlspecialchars(DB::errorMessage($dbh)) .
+ do_err('Database error: '. sm_encode_html_special_chars(DB::errorMessage($dbh)) .
' in ' .$type .' DSN.');
}
$dbh->disconnect();
}
if (isset($td_str)) {
- $oTemplate->assign('note', htmlspecialchars($td_str));
+ $oTemplate->assign('note', sm_encode_html_special_chars($td_str));
$oTemplate->display('note.tpl');
}
}
if ($use_folder) {
- $box_enc = htmlspecialchars($box_a['unformatted-dm']);
- $box_disp = htmlspecialchars(imap_utf7_decode_local($box_a['unformatted-disp']));
+ $box_enc = sm_encode_html_special_chars($box_a['unformatted-dm']);
+ $box_disp = sm_encode_html_special_chars(imap_utf7_decode_local($box_a['unformatted-disp']));
$subbox_option_list[] = array( 'Value' => $box_enc, 'Display' => $box_disp);
}
}
$password_form_name = 'secretkey';
do_hook('login_cookie', $null);
-$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? htmlspecialchars($loginname) : '');
+$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? sm_encode_html_special_chars($loginname) : '');
//FIXME: should be part of the template, not the core!
/* Output the javascript onload function. */
foreach($message_highlight_list as $index=>$rule) {
$a = array();
- $a['Name'] = htmlspecialchars($rule['name']);
+ $a['Name'] = sm_encode_html_special_chars($rule['name']);
$a['Color'] = $rule['color'];
$a['MatchField'] = '';
- $a['MatchValue'] = htmlspecialchars($rule['value']);
+ $a['MatchValue'] = sm_encode_html_special_chars($rule['value']);
switch ($rule['match_type']) {
case 'from' :
$a['MatchField'] = _("From");
$a['Title'] = $key==0 ? _("Default Identity") : sprintf(_("Alternate Identity %d"), $key);
$a['New'] = false;
$a['Default'] = $key==0;
- $a['FullName'] = htmlspecialchars($ident['full_name']);
- $a['Email'] = htmlspecialchars($ident['email_address']);
- $a['ReplyTo'] = htmlspecialchars($ident['reply_to']);
- $a['Signature'] = htmlspecialchars($ident['signature']);
+ $a['FullName'] = sm_encode_html_special_chars($ident['full_name']);
+ $a['Email'] = sm_encode_html_special_chars($ident['email_address']);
+ $a['ReplyTo'] = sm_encode_html_special_chars($ident['reply_to']);
+ $a['Signature'] = sm_encode_html_special_chars($ident['signature']);
$i[$key] = $a;
}
* Creates html formated table row with input field
* @param string $title Name displayed next to input field
* @param string $name Name of input field
- * @param string $data Default value of input field (data is sanitized with htmlspecialchars)
+ * @param string $data Default value of input field (data is sanitized with sm_encode_html_special_chars)
* @param string $bgcolor html attributes added to row element (tr)
* @return string html formated table row with text input field
* @since 1.2.0 (arguments differ since 1.4.5/1.5.1)
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
$str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
- $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. htmlspecialchars($data) . '" /> </td>' . "\n";
+ $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. sm_encode_html_special_chars($data) . '" /> </td>' . "\n";
$str .= '</tr>';
return $str;
* Creates html formated table row with textarea field
* @param string $title Name displayed next to textarea field
* @param string $name Name of textarea field
- * @param string $data Default value of textarea field (data is sanitized with htmlspecialchars)
+ * @param string $data Default value of textarea field (data is sanitized with sm_encode_html_special_chars)
* @param string $bgcolor html attributes added to row element (tr)
* @return string html formated table row with textarea
* @since 1.2.5 (arguments differ since 1.4.5/1.5.1)
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
$str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
- $str .= ' <td> <textarea name="' . $name . '" cols="50" rows="5">'. htmlspecialchars($data) . '</textarea> </td>' . "\n";
+ $str .= ' <td> <textarea name="' . $name . '" cols="50" rows="5">'. sm_encode_html_special_chars($data) . '</textarea> </td>' . "\n";
$str .= '</tr>';
return $str;
if (!sqgetGlobalVar('method', $method)) {
$method = '';
} else {
- $method = htmlspecialchars($method);
+ $method = sm_encode_html_special_chars($method);
}
if (!sqgetGlobalVar('positions', $pos, SQ_GET)) {
$pos = 0;
if (! empty($deliver->dlv_server_msg)) {
$msg.= "\n" .
_("Server replied:") . ' ' . $deliver->dlv_ret_nr . ' ' .
- nl2br(htmlspecialchars($deliver->dlv_server_msg));
+ nl2br(sm_encode_html_special_chars($deliver->dlv_server_msg));
}
plain_error_message($msg);
} else {
$a[] = array(
// note: decodeHeader is htmlsafe by default
'Name' => decodeHeader($r->getAddress(false)),
- 'Email' => htmlspecialchars($r->getEmail()),
+ 'Email' => sm_encode_html_special_chars($r->getEmail()),
'Full' => decodeHeader($r->getAddress(true))
);
}
$note = _("Your mail has been sent.");
}
if (isset($note)) {
- $oTemplate->assign('note', htmlspecialchars($note));
+ $oTemplate->assign('note', sm_encode_html_special_chars($note));
$oTemplate->display('note.tpl');
}
$cur_mailbox = 'INBOX';
$biop = asearch_nz($biop_array[$crit_num]);
if (($query_display == '') || ($cur_mailbox != $last_mailbox)) {
- $mailbox_display = ' <span class="mailbox">' . htmlspecialchars(asearch_get_mailbox_display($cur_mailbox)) . '</span>';
+ $mailbox_display = ' <span class="mailbox">' . sm_encode_html_special_chars(asearch_get_mailbox_display($cur_mailbox)) . '</span>';
if ($query_display == '')
$biop_display = _("In");
else
if ($what_type == 'adate')
$what_display = asearch_get_date_display($what);
else
- $what_display = htmlspecialchars($what);
+ $what_display = sm_encode_html_special_chars($what);
$what_display = ' <span class="value">' . $what_display . '</span>';
}
}
# Build the mailbox array
$a = array();
if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
- $a[$mailbox] = '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox));
+ $a[$mailbox] = '[' . _("Missing") . '] ' . sm_encode_html_special_chars(asearch_get_mailbox_display($mailbox));
}
$a['All Folders'] = '[' . asearch_get_mailbox_display('All Folders') . ']';
$a = array_merge($a, sqimap_mailbox_option_array($imapConnection, 0, $boxes, NULL));
# Build the mailbox array
$a = array();
if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
- $a[$mailbox] = '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox));
+ $a[$mailbox] = '[' . _("Missing") . '] ' . sm_encode_html_special_chars(asearch_get_mailbox_display($mailbox));
}
$a['All Folders'] = '[' . asearch_get_mailbox_display('All Folders') . ']';
$a = array_merge($a, sqimap_mailbox_option_array($imapConnection, 0, $boxes, NULL));
$oTemplate->assign('unary_options', $imap_asearch_unops);
$oTemplate->assign('where_options', $imap_asearch_options);
- $oTemplate->assign('mailbox_sel', strtolower(htmlspecialchars($mailbox)));
+ $oTemplate->assign('mailbox_sel', strtolower(sm_encode_html_special_chars($mailbox)));
$oTemplate->assign('unary_sel', $unop);
$oTemplate->assign('where_sel', $where);
$oTemplate->assign('what_val', $what);
$mailbox_display = imap_utf7_decode_local($mbx);
}
- $oTemplate->assign('mailbox_name', htmlspecialchars($mailbox_display));
+ $oTemplate->assign('mailbox_name', sm_encode_html_special_chars($mailbox_display));
$oTemplate->display('search_result_mailbox.tpl');
$oTemplate->assign('page_selector', $page_selector);
$vcard_nice['email;internet'] = $vcard_nice['email;pref;internet'];
}
} else {
- $oTemplate->assign('note', sprintf(_("vCard Version %s is not supported. Some information might not be converted correctly."), htmlspecialchars($vcard_nice['version'])));
+ $oTemplate->assign('note', sprintf(_("vCard Version %s is not supported. Some information might not be converted correctly."), sm_encode_html_special_chars($vcard_nice['version'])));
$oTemplate->display('note.tpl');
$vcard_nice['firstname'] = '';
}
foreach ($vcard_nice as $k => $v) {
- $v = htmlspecialchars($v);
+ $v = sm_encode_html_special_chars($v);
$v = trim($v);
$vcard_safe[$k] = trim(nl2br($v));
}
}
$cnum = 0;
for ($i=1; $i < count($read); $i++) {
- $line = htmlspecialchars($read[$i]);
+ $line = sm_encode_html_special_chars($read[$i]);
switch (true) {
case (preg_match('/^>/i', $line)):
$second[$i] = $line;
if (is_array($values['Email'])) {
echo '<select name="'.$formname.'[email]" id="email">'."\n";
foreach ($values['Email'] as $email) {
-//FIXME: htmlspecialchars should not be needed inside any template files - I think values are already sanitized by the time they get here
- echo '<option value="'.htmlspecialchars($email).'">'.htmlspecialchars($email).'</option>'."\n";
+//FIXME: sm_encode_html_special_chars should not be needed inside any template files - I think values are already sanitized by the time they get here
+ echo '<option value="'.sm_encode_html_special_chars($email).'">'.sm_encode_html_special_chars($email).'</option>'."\n";
}
echo '</select>'."\n";
} else {
<select name="backend" id="backend">
<?php
foreach ($writable_backends as $id=>$name) {
-//FIXME: htmlspecialchars should not be needed inside any template files - I think values are already sanitized by the time they get here
+//FIXME: sm_encode_html_special_chars should not be needed inside any template files - I think values are already sanitized by the time they get here
echo '<option value="' . $id
. ($current_backend == $id ? '" selected="selected"' : '"')
- . '>' . htmlspecialchars($name) . '</option>' . "\n";
+ . '>' . sm_encode_html_special_chars($name) . '</option>' . "\n";
}
?>
</select>
<select name="backend" id="backend">
<?php
foreach ($backends as $id=>$name) {
- echo '<option value="'.$id.'">'.htmlspecialchars($name).'</option>'."\n";
+ echo '<option value="'.$id.'">'.sm_encode_html_special_chars($name).'</option>'."\n";
}
?>
</select>
echo '<input type="' . $type . '"';
foreach ($aAttribs as $key => $value) {
-//TODO: see the FIXME tag on line 68 of functions/forms.php - the htmlspecialchars() below should be migrated to the template class
- echo ' ' . $key . (is_null($value) ? '' : '="' . htmlspecialchars($value) . '"');
+//TODO: see the FIXME tag on line 68 of functions/forms.php - the sm_encode_html_special_chars() below should be migrated to the template class
+ echo ' ' . $key . (is_null($value) ? '' : '="' . sm_encode_html_special_chars($value) . '"');
}
echo ' />';
<select name="num">
<?php
foreach ($not_used as $field_id=>$name) {
- echo '<option value="'.$field_id.'">'.htmlspecialchars($name).'</option>'."\n";
+ echo '<option value="'.$field_id.'">'.sm_encode_html_special_chars($name).'</option>'."\n";
}
?>
</select>
foreach ($not_used as $field_id=>$name) {
echo "<tr>\n" .
"<td colspan=\"3\" class=\"moveLink\"><a href=\"". $add.$field_id."\">".getIcon($icon_theme_path, 'plus.png', _("Add"), _("Add"))."</a></td>\n" .
- "<td class=\"fieldName\">".htmlspecialchars($name)."</td>\n" .
+ "<td class=\"fieldName\">".sm_encode_html_special_chars($name)."</td>\n" .
"</tr>\n";
}
?>
function composeLink ($row) {
return makeComposeLink('src/compose.php?send_to=' .
rawurlencode($row['RawFullAddress']),
- htmlspecialchars($row['Email']));
+ sm_encode_html_special_chars($row['Email']));
}
/**
$contacts = array();
while(list($undef,$row) = each($addresses)) {
$contact = array (
- 'FirstName' => htmlspecialchars($row['firstname']),
- 'LastName' => htmlspecialchars($row['lastname']),
- 'FullName' => htmlspecialchars($row['name']),
- 'NickName' => htmlspecialchars($row['nickname']),
- 'Email' => htmlspecialchars($row['email']),
- 'FullAddress' => htmlspecialchars(AddressBook::full_address($row)),
+ 'FirstName' => sm_encode_html_special_chars($row['firstname']),
+ 'LastName' => sm_encode_html_special_chars($row['lastname']),
+ 'FullName' => sm_encode_html_special_chars($row['name']),
+ 'NickName' => sm_encode_html_special_chars($row['nickname']),
+ 'Email' => sm_encode_html_special_chars($row['email']),
+ 'FullAddress' => sm_encode_html_special_chars(AddressBook::full_address($row)),
'RawFullAddress' => AddressBook::full_address($row),
- 'Info' => htmlspecialchars($row['label']),
+ 'Info' => sm_encode_html_special_chars($row['label']),
'Extra' => (isset($row['extra']) ? $row['extra'] : NULL),
- 'Source' => htmlspecialchars($row['source']),
- 'JSEmail' => htmlspecialchars(addcslashes(AddressBook::full_address($row), "'"), ENT_QUOTES),
+ 'Source' => sm_encode_html_special_chars($row['source']),
+ 'JSEmail' => sm_encode_html_special_chars(addcslashes(AddressBook::full_address($row), "'"), ENT_QUOTES),
);
$contacts[] = $contact;
}
* Return a string representing the priority of a message
*/
function priorityStr($p) {
- return htmlspecialchars(getPriorityStr($p));
+ return sm_encode_html_special_chars(getPriorityStr($p));
}
?>
\ No newline at end of file
projects / squirrelmail.git / commitdiff