(if PHP escaped them) if you include strings.php
* Removed sqStripSlashes (no need anymore)
* Completely fixed problem with some data needing escapes, some not, and some
accidentally getting escaped twice (often in compose.php).
To use:
* Load strings.php at the beginning of your script
* All form variables are accessible as globals (as usual), but are without
the escape backslashes (if PHP put any in).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1050
7612ce4b-ef26-0410-bec9-
ea0150e637f0
13 files changed:
if (($body_message->header->type0 == "text") ||
($body_message->header->type0 == "rfc822")) {
if (($body_message->header->type0 == "text") ||
($body_message->header->type0 == "rfc822")) {
- $body = mime_fetch_body ($imap_stream, $id, $ent_num);
+ $body = mime_fetch_body ($imap_stream, $id, $ent_num);
$body = decodeBody($body, $body_message->header->encoding);
// If there are other types that shouldn't be formatted, add
$body = decodeBody($body, $body_message->header->encoding);
// If there are other types that shouldn't be formatted, add
/** Here is the header and wrapping table **/
$shortBoxName = readShortMailboxName($mailbox, ".");
/** Here is the header and wrapping table **/
$shortBoxName = readShortMailboxName($mailbox, ".");
- $shortBoxName = sqStripSlashes($shortBoxName);
echo "<A NAME=pagetop></A>\n";
echo "<TABLE BGCOLOR=\"$color[4]\" BORDER=0 WIDTH=\"100%\" CELLSPACING=0 CELLPADDING=2>\n";
echo " <TR BGCOLOR=\"$color[9]\">\n";
echo "<A NAME=pagetop></A>\n";
echo "<TABLE BGCOLOR=\"$color[4]\" BORDER=0 WIDTH=\"100%\" CELLSPACING=0 CELLPADDING=2>\n";
echo " <TR BGCOLOR=\"$color[9]\">\n";
$bcc_list = getLineOfAddrs($bcc);
/* Encoding 8-bit characters and making from line */
$bcc_list = getLineOfAddrs($bcc);
/* Encoding 8-bit characters and making from line */
- $subject = sqStripSlashes(encodeHeader($subject));
+ $subject = encodeHeader($subject);
if ($from == '')
$from = "<$from_addr>";
else
if ($from == '')
$from = "<$from_addr>";
else
$body .= "Content-Type: text/plain\r\n";
$body .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$body .= "Content-Type: text/plain\r\n";
$body .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
- $body .= sqStripSlashes($passedBody) . "\r\n\r\n";
+ $body .= $passedBody . "\r\n\r\n";
fputs ($fp, $body);
$attachmentlength = attachFiles($fp);
fputs ($fp, $body);
$attachmentlength = attachFiles($fp);
$postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n";
fputs ($fp, $postbody);
} else {
$postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n";
fputs ($fp, $postbody);
} else {
- $body = sqStripSlashes($passedBody) . "\r\n";
+ $body = $passedBody . "\r\n";
fputs ($fp, $body);
$postbody = "\r\n";
fputs ($fp, $postbody);
fputs ($fp, $body);
$postbody = "\r\n";
fputs ($fp, $postbody);
/* $Id$ */
$strings_php = true;
/* $Id$ */
$strings_php = true;
+
+ // Remove all slashes for form values
+ if (get_magic_quotes_gpc())
+ {
+ global $REQUEST_METHOD;
+ if ($REQUEST_METHOD == "POST")
+ {
+ global $HTTP_POST_VARS;
+ RemoveSlashes($HTTP_POST_VARS);
+ }
+ elseif ($REQUEST_METHOD == "GET")
+ {
+ global $HTTP_GET_VARS;
+ RemoveSlashes($HTTP_GET_VARS);
+ }
+ }
+
+
+ function RemoveSlashes($array)
+ {
+ foreach ($array as $k => $v)
+ {
+ global $$k;
+ if (is_array($$k))
+ {
+ foreach ($$k as $k2 => $v2)
+ {
+ $newArray[stripslashes($k2)] = stripslashes($v2);
+ }
+ $$k = $newArray;
+ }
+ else
+ {
+ $$k = stripslashes($v);
+ }
+ }
+ }
+
//*************************************************************************
// Count the number of occurances of $needle are in $haystack.
//*************************************************************************
// Count the number of occurances of $needle are in $haystack.
- function sqStripSlashes($string) {
- if (get_magic_quotes_gpc()) {
- $string = stripslashes($string);
- }
- return $string;
- }
-
// These functions are used to encrypt the passowrd before it is
// stored in a cookie.
// These functions are used to encrypt the passowrd before it is
// stored in a cookie.
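Review bot: RemoveSlashes assigns `$$k = stripslashes($v)` through `global $$k` for every key of the request array, so any global that already exists under that name when strings.php is loaded is overwritten with request data. Which globals are set at that point is not visible here, so the load-order requirement should be written down next to the call, e.g. `// must run before any config/session globals are set: request keys overwrite same-named globals`. In the array branch `$newArray` is never reset, so entries from one array-valued field carry over into the next; add `$newArray = array();` before the inner `foreach`. The dispatch on `$REQUEST_METHOD` also leaves query-string values escaped on a POST and never touches cookies, which magic_quotes_gpc escapes as well.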
// Initialize addressbook
$abook = addressbook_init();
// Initialize addressbook
$abook = addressbook_init();
- $body = sqStripSlashes($body);
- $send_to = sqStripSlashes($send_to);
- $send_to_cc = sqStripSlashes($send_to_cc);
- $send_to_bcc = sqStripSlashes($send_to_bcc);
- $subject = sqStripSlashes($subject);
-
session_start();
if (!isset($strings_php))
session_start();
if (!isset($strings_php))
global $forward_id, $imapConnection, $msg, $ent_num, $body_ary, $body,
$reply_id, $send_to, $send_to_cc, $mailbox, $send_to_bcc, $editor_size;
global $forward_id, $imapConnection, $msg, $ent_num, $body_ary, $body,
$reply_id, $send_to, $send_to_cc, $mailbox, $send_to_bcc, $editor_size;
- $send_to = sqStripSlashes(decodeHeader($send_to));
- $send_to_cc = sqStripSlashes(decodeHeader($send_to_cc));
- $send_to_bcc = sqStripSlashes(decodeHeader($send_to_bcc));
+ $send_to = decodeHeader($send_to);
+ $send_to_cc = decodeHeader($send_to_cc);
+ $send_to_bcc = decodeHeader($send_to_bcc);
if ($forward_id)
$id = $forward_id;
if ($forward_id)
$id = $forward_id;
$send_to_bcc, $reply_id, $mailbox, $from_htmladdr_search,
$location_of_buttons;
$send_to_bcc, $reply_id, $mailbox, $from_htmladdr_search,
$location_of_buttons;
- $subject = sqStripSlashes(decodeHeader($subject));
+ $subject = decodeHeader($subject);
$reply_subj = decodeHeader($reply_subj);
$forward_subj = decodeHeader($forward_subj);
$reply_subj = decodeHeader($reply_subj);
$forward_subj = decodeHeader($forward_subj);
echo " </TD><TD BGCOLOR=\"$color[4]\" ALIGN=LEFT>\n";
if ($reply_subj) {
$reply_subj = str_replace("\"", "'", $reply_subj);
echo " </TD><TD BGCOLOR=\"$color[4]\" ALIGN=LEFT>\n";
if ($reply_subj) {
$reply_subj = str_replace("\"", "'", $reply_subj);
- $reply_subj = sqStripSlashes($reply_subj);
$reply_subj = trim($reply_subj);
if (substr(strtolower($reply_subj), 0, 3) != "re:")
$reply_subj = "Re: $reply_subj";
$reply_subj = trim($reply_subj);
if (substr(strtolower($reply_subj), 0, 3) != "re:")
$reply_subj = "Re: $reply_subj";
htmlspecialchars($reply_subj));
} else if ($forward_subj) {
$forward_subj = str_replace("\"", "'", $forward_subj);
htmlspecialchars($reply_subj));
} else if ($forward_subj) {
$forward_subj = str_replace("\"", "'", $forward_subj);
- $forward_subj = sqStripSlashes($forward_subj);
$forward_subj = trim($forward_subj);
if ((substr(strtolower($forward_subj), 0, 4) != "fwd:") &&
(substr(strtolower($forward_subj), 0, 5) != "[fwd:") &&
$forward_subj = trim($forward_subj);
if ((substr(strtolower($forward_subj), 0, 4) != "fwd:") &&
(substr(strtolower($forward_subj), 0, 5) != "[fwd:") &&
is_logged_in();
displayPageHeader($color, $mailbox);
is_logged_in();
displayPageHeader($color, $mailbox);
- $send_to = sqStripSlashes($send_to);
- $send_to_cc = sqStripSlashes($send_to_cc);
- $send_to_bcc = sqStripSlashes($send_to_bcc);
-
for ($i=0; $i < count($send_to_search); $i++) {
if ($send_to)
$send_to .= ", ";
for ($i=0; $i < count($send_to_search); $i++) {
if ($send_to)
$send_to .= ", ";
header("Content-type: application/octet-stream; name=\"$filename\"");
set_up_language(getPref($data_dir, $username, "language"));
if ($type1 == "plain") {
header("Content-type: application/octet-stream; name=\"$filename\"");
set_up_language(getPref($data_dir, $username, "language"));
if ($type1 == "plain") {
- echo _("Subject") . ": " . decodeHeader(sqStripSlashes($top_header->subject)) . "\n";
- echo " " . _("From") . ": " . decodeHeader(sqStripSlashes($top_header->from)) . "\n";
- echo " " . _("To") . ": " . decodeHeader(sqStripSlashes(getLineOfAddrs($top_header->to))) . "\n";
+ echo _("Subject") . ": " . decodeHeader($top_header->subject) . "\n";
+ echo " " . _("From") . ": " . decodeHeader($top_header->from) . "\n";
+ echo " " . _("To") . ": " . decodeHeader(getLineOfAddrs($top_header->to)) . "\n";
echo " " . _("Date") . ": " . getLongDateString($top_header->date) . "\n\n";
}
echo trim($body);
echo " " . _("Date") . ": " . getLongDateString($top_header->date) . "\n\n";
}
echo trim($body);
$subfolder_orig = $subfolder;
}
$subfolder_orig = $subfolder;
}
- if ((trim($subfolder_orig) == "[ None ]") || (trim(sqStripSlashes($subfolder_orig)) == "[ None ]")) {
+ if ((trim($subfolder_orig) == "[ None ]") || (trim($subfolder_orig) == "[ None ]")) {
sqimap_mailbox_create ($imapConnection, $folder_prefix.$folder_name, "");
} else {
sqimap_mailbox_create ($imapConnection, $subfolder.$dm.$folder_name, "");
sqimap_mailbox_create ($imapConnection, $folder_prefix.$folder_name, "");
} else {
sqimap_mailbox_create ($imapConnection, $subfolder.$dm.$folder_name, "");
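Review bot: With sqStripSlashes dropped, the two operands of the `||` in the `[ None ]` test are now identical, so the second comparison is dead code; reduce the condition to `if (trim($subfolder_orig) == "[ None ]") {`. The enclosing block starts outside the visible lines.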
$imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
$boxes = sqimap_mailbox_list ($imap_stream);
$dm = sqimap_get_delimiter($imap_stream);
$imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
$boxes = sqimap_mailbox_list ($imap_stream);
$dm = sqimap_get_delimiter($imap_stream);
- $mailbox = sqStripSlashes($mailbox);
if (substr($mailbox, -1) == $dm)
$mailbox_no_dm = substr($mailbox, 0, strlen($mailbox) - 1);
if (substr($mailbox, -1) == $dm)
$mailbox_no_dm = substr($mailbox, 0, strlen($mailbox) - 1);
else
$newone = "$new_name";
else
$newone = "$new_name";
- $orig = sqStripSlashes($orig);
- $newone = sqStripSlashes($newone);
-
fputs ($imapConnection, ". RENAME \"$orig\" \"$newone\"\r\n");
$data = sqimap_read_data($imapConnection, ".", true, $a, $b);
fputs ($imapConnection, ". RENAME \"$orig\" \"$newone\"\r\n");
$data = sqimap_read_data($imapConnection, ".", true, $a, $b);
- $old_name = sqStripSlashes($old_name);
-
displayPageHeader($color, "None");
echo "<br><TABLE align=center border=0 WIDTH=95% COLS=1>";
echo "<TR><TD BGCOLOR=\"$color[0]\" ALIGN=CENTER><B>";
displayPageHeader($color, "None");
echo "<br><TABLE align=center border=0 WIDTH=95% COLS=1>";
echo "<TR><TD BGCOLOR=\"$color[0]\" ALIGN=CENTER><B>";
<?php
if (isset($submit_personal)) {
# Save personal information
<?php
if (isset($submit_personal)) {
# Save personal information
- if (isset($full_name)) setPref($data_dir, $username, "full_name", sqStripSlashes($full_name));
- if (isset($email_address)) setPref($data_dir, $username, "email_address", sqStripSlashes($email_address));
- if (isset($reply_to)) setPref($data_dir, $username, "reply_to", sqStripSlashes($reply_to));
- setPref($data_dir, $username, "use_signature", sqStripSlashes($usesignature));
- if (isset($signature_edit)) setSig($data_dir, $username, sqStripSlashes($signature_edit));
+ if (isset($full_name)) setPref($data_dir, $username, "full_name", $full_name);
+ if (isset($email_address)) setPref($data_dir, $username, "email_address", $email_address);
+ if (isset($reply_to)) setPref($data_dir, $username, "reply_to", $reply_to);
+ setPref($data_dir, $username, "use_signature", $usesignature);
+ if (isset($signature_edit)) setSig($data_dir, $username, $signature_edit);
do_hook("options_personal_save");
do_hook("options_personal_save");
// $message contains all information about the message
// including header and body
$message = sqimap_get_message($imapConnection, $passed_id, $mailbox);
// $message contains all information about the message
// including header and body
$message = sqimap_get_message($imapConnection, $passed_id, $mailbox);
/** translate the subject and mailbox into url-able text **/
/** translate the subject and mailbox into url-able text **/
- $url_subj = urlencode(trim(sqStripSlashes($message->header->subject)));
+ $url_subj = urlencode(trim($message->header->subject));
$urlMailbox = urlencode($mailbox);
$url_replyto = urlencode($message->header->replyto);
$urlMailbox = urlencode($mailbox);
$url_replyto = urlencode($message->header->replyto);