Happy New Year

[squirrelmail.git] / plugins / newmail / newmail_opt.php

diff --git a/plugins/newmail/newmail_opt.php b/plugins/newmail/newmail_opt.php
index 902f089d2800f09662f50f36e354326546d33f5a..54e2952b6b80aa7313e09dbd30e0748e7a7ef31b 100644 (file)
--- a/plugins/newmail/newmail_opt.php
+++ b/plugins/newmail/newmail_opt.php
@@ -5,7 +5,7 @@
  *
  * Displays all options relating to new mail sounds
  *
- * @copyright 1999-2010 The SquirrelMail Project Team
+ * @copyright 1999-2020 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
@@ -146,18 +146,20 @@ if ($newmail_allowsound) {
     echo '>' . _("(none)") . '</option>' .  "\n";
     // Iterate sound files for options
     $d = dir(SM_PATH . 'plugins/newmail/sounds');
-    while($entry=$d->read()) {
-        // $fname = get_location () . '/sounds/' . $entry;
-        if ($entry != '..' && $entry != '.' && $entry != 'CVS' && $entry != 'index.php') {
-            echo '<option ';
-            if ($entry == $newmail_media) {
-                echo 'selected="selected" ';
+    if ($d) {
+        while($entry=$d->read()) {
+            // $fname = get_location () . '/sounds/' . $entry;
+            if ($entry != '..' && $entry != '.' && $entry != 'CVS' && $entry != 'index.php') {
+                echo '<option ';
+                if ($entry == $newmail_media) {
+                    echo 'selected="selected" ';
+                }
+                echo 'value="' . sm_encode_html_special_chars($entry) . '">' .
+                    sm_encode_html_special_chars($entry) . "</option>\n";
             }
-            echo 'value="' . htmlspecialchars($entry) . '">' .
-                htmlspecialchars($entry) . "</option>\n";
         }
+        $d->close();
     }
-    $d->close();
     // display media selection
     foreach($newmail_mmedia as $newmail_mm_name => $newmail_mm_data) {
         echo '<option ';
@@ -165,7 +167,7 @@ if ($newmail_allowsound) {
             echo 'selected="selected" ';
         }
         echo 'value="mmedia_' . $newmail_mm_name . '">'
-            .htmlspecialchars($newmail_mm_name) . "</option>\n";
+            .sm_encode_html_special_chars($newmail_mm_name) . "</option>\n";
     }
 
     if($newmail_uploadsounds) {
@@ -205,7 +207,7 @@ if ($newmail_allowsound) {
         // display currently uploaded file information
         echo  html_tag('tr')
             . html_tag('td',_("Uploaded Media File:"),'right','','style="white-space: nowrap;"')
-            . html_tag('td',($newmail_userfile_name!='' ? htmlspecialchars($newmail_userfile_name) : _("unavailable")))
+            . html_tag('td',($newmail_userfile_name!='' ? sm_encode_html_special_chars($newmail_userfile_name) : _("unavailable")))
             ."</tr>\n";
 
         if ($newmail_userfile_name!='') {
@@ -218,8 +220,8 @@ if ($newmail_allowsound) {
     echo html_tag( 'tr', "\n" .
                 html_tag( 'td', _("Current File:"), 'right', '', 'style="white-space: nowrap;"' ) .
                     html_tag( 'td', '<input type="hidden" value="' .
-                        htmlspecialchars($newmail_media) . '" name="media_default" />' .
-                        htmlspecialchars($media_output) . '', 'left' )
+                        sm_encode_html_special_chars($newmail_media) . '" name="media_default" />' .
+                        sm_encode_html_special_chars($media_output) . '', 'left' )
              ) . "\n";
 }
 echo html_tag( 'tr', "\n" .