From 95fde4c89e9b9c235cb3923cd1a286f94c93f449 Mon Sep 17 00:00:00 2001
From: kink
Date: Sun, 7 Jun 2015 13:51:19 +0000
Subject: [PATCH] Replace invalid characters with a symbol instead of returning empty string for the entire to be encoded string. Currently, if an email contains such an invalid character, the whole line will be left out, which is rather confusing. Even more when it's the email subject. This constant is only available in PHP 5.4 and up. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14501 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/strings.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/functions/strings.php b/functions/strings.php
index 0b2d3b53..0c9f5807 100644
--- a/functions/strings.php
+++ b/functions/strings.php
@@ -1685,7 +1685,7 @@ function sm_validate_security_token($token, $validity_period=0, $show_error=FALS
 * @param string $string The string to be converted
 * @param int $flags A bitmask that controls the behavior of htmlspecialchars()
 * (See http://php.net/manual/function.htmlspecialchars.php )
- * (OPTIONAL; default ENT_COMPAT)
+ * (OPTIONAL; default ENT_COMPAT, ENT_COMPAT | ENT_SUBSTITUTE for PHP >=5.4)
 * @param string $encoding The character encoding to use in the conversion
 * (OPTIONAL; default automatic detection)
 * @param boolean $double_encode Whether or not to convert entities that are 
@@ -1706,9 +1706,14 @@ function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
 $encoding = $default_charset;
 }
-// TODO: Is adding this check an unnecessary performance hit?
- if (check_php_version(5, 2, 3))
+ if (check_php_version(5, 2, 3)) {
+ // Replace invalid characters with a symbol instead of returning
+ // empty string for the entire to be encoded string.
+ if (check_php_version(5, 4, 0) && $flags == ENT_COMPAT) {
+ $flags = $flags | ENT_SUBSTITUTE;
+ }
 return htmlspecialchars($string, $flags, $encoding, $double_encode);
+ }
 return htmlspecialchars($string, $flags, $encoding);
 }
-- 
2.25.1
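Review bot: The new guard `check_php_version(5, 4, 0) && $flags == ENT_COMPAT` adds ENT_SUBSTITUTE only when $flags equals the default, so a caller that passes anything else (ENT_QUOTES, for instance) still gets an empty string back when the input holds an invalid byte sequence, which is the behaviour the commit message sets out to remove. If that restriction is not deliberate, test the conflicting bit rather than equality: `if (check_php_version(5, 4, 0) && !($flags & ENT_IGNORE)) { $flags |= ENT_SUBSTITUTE; }`. If it is deliberate, a comment such as `// explicit caller flags are passed through unchanged` would make that clear. The body of sm_encode_html_special_chars starts above this hunk, and the final three-argument fallback for PHP older than 5.2.3 is unchanged.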