in some cases sanitazing is implemented in form functions

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7695 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/functions/i18n.php b/functions/i18n.php
index b9b22c4ab93488628db08979ddce7660ef7c04d8..1ce3c5b3340caf2aa3cb368d1e97a39535363c0e 100644 (file)
--- a/functions/i18n.php
+++ b/functions/i18n.php
@@ -111,11 +111,17 @@ function charset_decode ($charset, $string) {
  * Converts html string to given charset
  * @param string $string
  * @param string $charset
+ * @param boolean $htmlencode keep htmlspecialchars encoding
  * @param string 
  */
-function charset_encode($string,$charset) {
+function charset_encode($string,$charset,$htmlencode=true) {
   global $default_charset;
 
+  // Undo html special chars
+  if (! $htmlencode ) {
+     $string = str_replace(array('&amp;','&gt;','&lt;','&quot;'),array('&','>','<','"'),$string);
+  }
+
   $encode=fixcharset($charset);
   $encodefile=SM_PATH . 'functions/encode/' . $encode . '.php';
   if (file_exists($encodefile)) {
@@ -135,11 +141,12 @@ function charset_encode($string,$charset) {
  * @param string $in_charset initial charset
  * @param string $string string that has to be converted
  * @param string $out_charset final charset
+ * @param boolean $htmlencode keep htmlspecialchars encoding
  * @return string converted string
  */
-function charset_convert($in_charset,$string,$out_charset) {
+function charset_convert($in_charset,$string,$out_charset,$htmlencode=true) {
   $string=charset_decode($in_charset,$string);
-  $string=charset_encode($string,$out_charset);
+  $string=charset_encode($string,$out_charset,$htmlencode);
   return $string;
 }