From 2706a0b1ad7f6670769ada12aef73ffa0470889b Mon Sep 17 00:00:00 2001
From: tokul
Date: Wed, 10 Aug 2005 19:27:37 +0000
Subject: [PATCH] remove html formating from error messages. XSS fixes sanitize errors and display "
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@9927 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/abook_database.php | 6 ++----
 functions/abook_local_file.php | 8 ++++----
 2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/functions/abook_database.php b/functions/abook_database.php
index 765ab984..bfdadb9d 100644
--- a/functions/abook_database.php
+++ b/functions/abook_database.php
@@ -317,8 +317,7 @@ class abook_database extends addressbook_backend {
 /* See if user exist already */
 $ret = $this->lookup($userdata['nickname']);
 if (!empty($ret)) {
- return $this->set_error(sprintf(_("User %s already exists"),
- '"' . $ret['nickname'] . '"'));
+ return $this->set_error(sprintf(_("User \"%s\" already exists"),$ret['nickname']));
 }
 /* Create query */
@@ -398,8 +397,7 @@ class abook_database extends addressbook_backend {
 /* See if user exist */
 $ret = $this->lookup($alias);
 if (empty($ret)) {
- return $this->set_error(sprintf(_("User %s does not exist"),
- '&qout;' . $alias . '&qout;'));
+ return $this->set_error(sprintf(_("User \"%s\" does not exist"),$alias));
 }
 /* Create query */
diff --git a/functions/abook_local_file.php b/functions/abook_local_file.php
index 202d641d..e0ad8189 100644
--- a/functions/abook_local_file.php
+++ b/functions/abook_local_file.php
@@ -361,8 +361,8 @@ class abook_local_file extends addressbook_backend {
 /* See if user exists already */
 $ret = $this->lookup($userdata['nickname']);
 if(!empty($ret)) {
- return $this->set_error(sprintf(_("User %s already exists"),
- '"' . $ret['nickname'] . '"'));
+ // i18n: don't use html formating in translation
+ return $this->set_error(sprintf(_("User \"%s\" already exists"),$ret['nickname']));
 }
 /* Here is the data to write */
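Review bot: The string passed to `set_error()` in this hunk still embeds the raw `$ret['nickname']`, and the hunk at -398 and both hunks in functions/abook_local_file.php do the same with `$alias` and `$ret['nickname']`, so the XSS fix holds only if every place that prints a backend error escapes it first. The commit message says errors are sanitized on display, but that code is not part of this patch and cannot be checked from here. I would record the contract next to the call, e.g. `// plain text, not HTML: callers must htmlspecialchars() the error before output`, and confirm that no caller echoes the backend error directly. The enclosing method starts and ends outside the hunk.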
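Review bot: The translator hint added above the changed `set_error()` calls in functions/abook_local_file.php is missing here and in the hunk at -317, although both files use the same message strings. A translator working from this file gets no warning against putting an entity such as `&quot;` back into the translation. I would add the same one-line `// i18n:` comment above both calls in functions/abook_database.php. The enclosing method starts and ends outside the hunk.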
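Review bot: The added `// i18n:` comment in this hunk, repeated in the hunk at -454, tells translators what to avoid but not why, and "formating" is misspelled. Judging by the commit message the error text is now escaped when displayed, so markup in a translation would presumably appear literally; saying so makes the rule easier to follow. Suggested wording: `// i18n: plain text only, no HTML tags or entities; the message is escaped when displayed`.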
@@ -454,8 +454,8 @@ class abook_local_file extends addressbook_backend {
 /* See if user exists */
 $ret = $this->lookup($alias);
 if(empty($ret)) {
- return $this->set_error(sprintf(_("User %s does not exist"),
- '"' . $alias . '"'));
+ // i18n: don't use html formating in translation
+ return $this->set_error(sprintf(_("User \"%s\" does not exist"),$alias));
 }
 /* Lock the file to make sure we're the only process working
-- 
2.25.1