From b2e7eb535ea35bdac8996414b3423e8563801304 Mon Sep 17 00:00:00 2001 From: alex-brainstorm Date: Wed, 30 Jul 2003 14:18:01 +0000 Subject: [PATCH] Do not strip_tags the mailbox name, htmlentities() mailbox name display instead of htmlspecialchars() git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@5482 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- src/search.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/search.php b/src/search.php index b8e4b6c8..a7ad779e 100644 --- a/src/search.php +++ b/src/search.php @@ -14,10 +14,10 @@ define('SM_PATH','../'); /* SquirrelMail required files. */ require_once(SM_PATH . 'include/validate.php'); -require_once(SM_PATH . 'functions/imap.php'); +require_once(SM_PATH . 'functions/strings.php'); require_once(SM_PATH . 'functions/imap_asearch.php'); require_once(SM_PATH . 'functions/imap_mailbox.php'); -require_once(SM_PATH . 'functions/strings.php'); +require_once(SM_PATH . 'functions/mailbox_display.php'); //getButton()... function asearch_unhtml_strcoll($a, $b) { @@ -357,7 +357,7 @@ function asearch_get_query_display($color, $mailbox_array, $biop_array, $unop_ar if ($what_type == 'adate') $what_display = asearch_get_date_display($what); else - $what_display = htmlspecialchars($what); + $what_display = htmlentities($what); $what_display = ' ' . $what_display . ''; } } @@ -522,7 +522,7 @@ function asearch_print_form_row($imapConnection, $boxes, $mailbox, $biop, $unop, $what_disp = str_replace('\\\\', '\\', $what_disp); $what_disp = str_replace('\\"', '"', $what_disp); $what_disp = str_replace('"', '"', $what_disp);*/ - $what_disp = htmlspecialchars($what, ENT_QUOTES); + $what_disp = htmlspecialchars($what); echo html_tag('td', '', 'center') . "\n"; /* Exclude criteria */ @@ -554,7 +554,7 @@ function asearch_print_form($imapConnection, $boxes, $mailbox_array, $biop_array $mailbox = $boxes[0]['unformatted']; $biop = strip_tags(asearch_nz($biop_array[$row_num])); $unop = strip_tags(asearch_nz($unop_array[$row_num])); - $where = strip_tags(asearch_nz($where_array[$row_num])); + $where = asearch_nz($where_array[$row_num]); $what = asearch_nz($what_array[$row_num]); $exclude = strip_tags(asearch_nz($exclude_array[$row_num])); asearch_print_form_row($imapConnection, $boxes, $mailbox, $biop, $unop, $where, $what, $exclude, $row_num); -- 2.25.1