From c77a0487fd3f8908c8cac136598d307f26945847 Mon Sep 17 00:00:00 2001
From: tokul <tokul@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Sat, 9 Oct 2004 12:46:40 +0000
Subject: [PATCH] sanitizing folder name display.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@8174 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/imap_mailbox.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/functions/imap_mailbox.php b/functions/imap_mailbox.php
index 3d7f87f6..5eb359e4 100755
--- a/functions/imap_mailbox.php
+++ b/functions/imap_mailbox.php
@@ -532,10 +532,10 @@ function sqimap_mailbox_option_list($imap_stream, $show_selected = 0, $folder_sk
                 switch ($shorten_box_names)
                 {
                   case 2:   /* delimited, style = 2 */
-                    $box2 = str_replace('&nbsp;&nbsp;', '.&nbsp;', $boxes_part['formatted']);
+                    $box2 = str_replace('&amp;nbsp;&amp;nbsp;', '.&nbsp;', htmlspecialchars($boxes_part['formatted']));
                     break;
                   case 1:   /* indent, style = 1 */
-                    $box2 = $boxes_part['formatted'];
+                    $box2 = str_replace('&amp;nbsp;&amp;nbsp;', '&nbsp;&nbsp;', htmlspecialchars($boxes_part['formatted']));
                     break;
                   default:  /* default, long names, style = 0 */
                     $box2 = str_replace(' ', '&nbsp;', htmlspecialchars(imap_utf7_decode_local($boxes_part['unformatted-disp'])));
-- 
2.25.1