X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Foptions_identities.php;h=22eee613e9db7f82560b88df94e973d2ff89f7d8;hp=39c588ad75e7c5f07fa5e7280e2309340453fbcc;hb=f2785d1147920588b40e8a34e3c980697e08748f;hpb=1977ab5587905d225c6288141b82f7a6e3d29d02 diff --git a/src/options_identities.php b/src/options_identities.php index 39c588ad..22eee613 100644 --- a/src/options_identities.php +++ b/src/options_identities.php @@ -5,7 +5,7 @@ * * Display Identities Options * - * @copyright 1999-2010 The SquirrelMail Project Team + * @copyright 1999-2016 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -44,7 +44,7 @@ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, ''); if (!empty($smaction) && is_array($smaction)) { // first do a security check - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); $doaction = ''; $identid = 0; @@ -80,10 +80,10 @@ foreach ($identities as $key=>$ident) { $a['Title'] = $key==0 ? _("Default Identity") : sprintf(_("Alternate Identity %d"), $key); $a['New'] = false; $a['Default'] = $key==0; - $a['FullName'] = htmlspecialchars($ident['full_name']); - $a['Email'] = htmlspecialchars($ident['email_address']); - $a['ReplyTo'] = htmlspecialchars($ident['reply_to']); - $a['Signature'] = htmlspecialchars($ident['signature']); + $a['FullName'] = sm_encode_html_special_chars($ident['full_name']); + $a['Email'] = sm_encode_html_special_chars($ident['email_address']); + $a['ReplyTo'] = sm_encode_html_special_chars($ident['reply_to']); + $a['Signature'] = sm_encode_html_special_chars($ident['signature']); $i[$key] = $a; } @@ -117,7 +117,7 @@ $oTemplate->display('footer.tpl'); /** * Returns html formated identity form fields * - * Contains options_identities_buttons and option_identities_table hooks. + * Contains options_identities_buttons and options_identities_table hooks. * Before 1.4.5/1.5.1 hooks were placed in ShowTableInfo() function. * In 1.1.3-1.4.1 they were called in do_hook function with two or * three arguments. Since 1.4.1 hooks are called in concat_hook_function. @@ -195,7 +195,7 @@ function ShowIdentityInfo($title, $identity, $id ) { * Creates html formated table row with input field * @param string $title Name displayed next to input field * @param string $name Name of input field - * @param string $data Default value of input field (data is sanitized with htmlspecialchars) + * @param string $data Default value of input field (data is sanitized with sm_encode_html_special_chars) * @param string $bgcolor html attributes added to row element (tr) * @return string html formated table row with text input field * @since 1.2.0 (arguments differ since 1.4.5/1.5.1) @@ -207,7 +207,7 @@ function sti_input( $title, $name, $data, $bgcolor ) { $str = ''; $str .= '\n"; $str .= ' ' . $title . ' ' . "\n"; - $str .= ' ' . "\n"; + $str .= ' ' . "\n"; $str .= ''; return $str; @@ -218,7 +218,7 @@ function sti_input( $title, $name, $data, $bgcolor ) { * Creates html formated table row with textarea field * @param string $title Name displayed next to textarea field * @param string $name Name of textarea field - * @param string $data Default value of textarea field (data is sanitized with htmlspecialchars) + * @param string $data Default value of textarea field (data is sanitized with sm_encode_html_special_chars) * @param string $bgcolor html attributes added to row element (tr) * @return string html formated table row with textarea * @since 1.2.5 (arguments differ since 1.4.5/1.5.1) @@ -230,7 +230,7 @@ function sti_textarea( $title, $name, $data, $bgcolor ) { $str = ''; $str .= '\n"; $str .= ' ' . $title . ' ' . "\n"; - $str .= ' ' . "\n"; + $str .= ' ' . "\n"; $str .= ''; return $str;