Aleksander Machniak
2012-05-22 0a1dd5b073f0dfc42439ab168246ae0ae6921414
Add is_escaped attribute for html_select and html_textarea (#1488485)
5 files modified
38 ■■■■■ changed files
CHANGELOG 1 ●●●● patch | view | raw | blame | history
program/include/html.php 24 ●●●●● patch | view | raw | blame | history
program/include/rcmail.php 9 ●●●●● patch | view | raw | blame | history
program/steps/mail/compose.inc 1 ●●●● patch | view | raw | blame | history
program/steps/settings/edit_identity.inc 3 ●●●● patch | view | raw | blame | history
CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Add is_escaped attribute for html_select and html_textarea (#1488485)
- Fix HTML entities handling in HTML editor (#1488483)
- Fix listing shared folders on Courier IMAP (#1488466)
- Fix issue where draft auto-save wasn't executed after some inactivity time
program/include/html.php
@@ -298,7 +298,7 @@
                }
            }
            else {
                $attrib_arr[] = $key . '="' . self::quote($value) . '"';
                $attrib_arr[] = $key . '="' . self::quote($value, true) . '"';
            }
        }
@@ -331,17 +331,20 @@
    /**
     * Replacing specials characters in html attribute value
     *
     * @param  string  $str  Input string
     * @param  string  $str       Input string
     * @param  bool    $validate  Enables double quotation prevention
     *
     * @return string  The quoted string
     */
    public static function quote($str)
    public static function quote($str, $validate = false)
    {
        $str = htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET);
        // avoid douple quotation of &
        // @TODO: get rid of it?
        $str = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
        // @TODO: get rid of it
        if ($validate) {
            $str = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
        }
        return $str;
    }
@@ -558,8 +561,8 @@
            unset($this->attrib['value']);
        }
        if (!empty($value) && !preg_match('/mce_editor/', $this->attrib['class'])) {
            $value = self::quote($value);
        if (!empty($value) && empty($this->attrib['is_escaped'])) {
            $value = self::quote($value, true);
        }
        return self::tag($this->tagname, $this->attrib, $value,
@@ -633,7 +636,12 @@
                'selected' => (in_array($option['value'], $select, true) ||
                  in_array($option['text'], $select, true)) ? 1 : null);
            $this->content .= self::tag('option', $attr, self::quote($option['text']));
            $option_content = $option['text'];
            if (empty($this->attrib['is_escaped'])) {
                $option_content = self::quote($option_content, true);
            }
            $this->content .= self::tag('option', $attr, $option_content);
        }
        return parent::show();
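Review bot: In the `@@ -331` hunk the new `$validate` parameter of `quote()` (L39) is documented as "Enables double quotation prevention", but the branch at L46-L48 validates nothing: it collapses an already-encoded entity (`&amp;lt;`, `&amp;#160;`) back to a single entity so that pre-escaped input is not encoded twice, and the name plus docblock invite the next caller to read it as an extra safety check. Suggest `@param bool $validate Collapse double-encoded entities (&amp;name; / &amp;#nnn;) back to a single entity; pass true only for input that may already contain HTML entities`. As rendered on this page the `preg_replace` pattern and replacement are identical (`&\1;` to `&\1;`), which would make the branch a no-op; presumably the source pattern begins with `&amp;` and the page decoded it, but that is worth confirming against the file. Note also that the collapsing is now opt-in, so any `html::quote($x)` call outside this commit that relied on the previous unconditional behaviour will now double-encode entity-bearing input; the three `self::quote(..., true)` sites in this file (L25, L57, L66) keep the old behaviour, other callers should be checked.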
program/include/rcmail.php
@@ -1329,11 +1329,12 @@
        $attrib      = $hook['attribs'];
        if ($type == 'select') {
            $attrib['is_escaped'] = true;
            $select = new html_select($attrib);
            // add no-selection option
            if ($attrib['noselection']) {
                $select->add($rcmail->gettext($attrib['noselection']), '');
                $select->add(html::quote($rcmail->gettext($attrib['noselection'])), '');
            }
            $rcmail->render_folder_tree_select($a_mailboxes, $mbox_name, $attrib['maxlength'], $select, $attrib['realnames']);
@@ -1362,7 +1363,7 @@
     */
    public function folder_selector($p = array())
    {
        $p += array('maxlength' => 100, 'realnames' => false);
        $p += array('maxlength' => 100, 'realnames' => false, 'is_escaped' => true);
        $a_mailboxes = array();
        $storage = $this->get_storage();
@@ -1388,7 +1389,7 @@
        $select = new html_select($p);
        if ($p['noselection']) {
            $select->add($p['noselection'], '');
            $select->add(html::quote($p['noselection']), '');
        }
        $this->render_folder_tree_select($a_mailboxes, $mbox, $p['maxlength'], $select, $p['realnames'], 0, $p);
@@ -1579,7 +1580,7 @@
                }
            }
            $select->add(str_repeat(' ', $nestLevel*4) . $foldername, $folder['id']);
            $select->add(str_repeat(' ', $nestLevel*4) . html::quote($foldername), $folder['id']);
            if (!empty($folder['folders'])) {
                $out .= $this->render_folder_tree_select($folder['folders'], $mbox_name, $maxlength,
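Review bot: In the `@@ -1329` hunk, `$attrib['is_escaped'] = true` (L75) switches off html_select's own quoting of option labels, yet the labels for this select are escaped in two other places: the no-selection entry on L80 and the folder names inside `render_folder_tree_select()` on L102, a separate public method that calls `html::quote()` unconditionally and never looks at the flag. That split contract is easy to break — a new `$select->add()` on this path without `html::quote()`, or a third caller of `render_folder_tree_select()` whose select lacks the flag, yields unescaped or double-escaped labels, and the folder list comes from storage (L90), i.e. from the IMAP side rather than from code. Suggest the same comment at L75 and at the `'is_escaped' => true` default on L88: `// option labels are escaped by the caller (html::quote in render_folder_tree_select), html_select must not quote them again`. The enclosing methods' bodies continue outside these hunks.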
program/steps/mail/compose.inc
@@ -772,6 +772,7 @@
  if ($isHtml) {
    $MESSAGE_BODY = htmlentities($MESSAGE_BODY, ENT_NOQUOTES, RCMAIL_CHARSET);
    $attrib['class'] = 'mce_editor';
    $attrib['is_escaped'] = true;
    $textarea = new html_textarea($attrib);
    $out .= $textarea->show($MESSAGE_BODY);
  }
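Review bot: `$attrib['is_escaped'] = true` on L110 is only safe because `$MESSAGE_BODY` went through `htmlentities()` on L108; nothing ties the two statements together, and a later edit that moves the encoding or reuses `$attrib` for a differently prepared body would place raw message content into the textarea unquoted. Suggest a comment on L110: `// body is already entity-encoded above (htmlentities), so html_textarea must not quote it again`. Since the flag replaces the old `mce_editor` class sniff in `html_textarea::show()`, the `class` assignment on L109 no longer influences escaping and exists only for the editor; stating that in the same comment prevents someone from treating the two lines as redundant. The `if ($isHtml)` branch is shown in full, but the surrounding step code continues outside the hunk.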
program/steps/settings/edit_identity.inc
@@ -88,7 +88,8 @@
  // Enable TinyMCE editor
  if ($IDENTITY_RECORD['html_signature']) {
    $form['signature']['content']['signature']['class'] = 'mce_editor';
    $form['signature']['content']['signature']['class']      = 'mce_editor';
    $form['signature']['content']['signature']['is_escaped'] = true;
  }
  $IDENTITY_RECORD['signature'] = htmlentities($IDENTITY_RECORD['signature'], ENT_NOQUOTES, RCMAIL_CHARSET);
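Review bot: `is_escaped = true` on L120 is set only in the `html_signature` branch, while the `htmlentities()` on L122 encodes the signature for both branches, so the plain-text branch hands entity-encoded text to a textarea that quotes it again and relies on the entity-collapsing in `html::quote(..., true)` to undo the double encoding — a dependency that is invisible here and easy to lose if either side is touched. Suggest a comment above L116 stating the contract: `// signature is entity-encoded below for both modes; in HTML mode the textarea must not quote it again (is_escaped), in text mode html::quote() collapses the double encoding`. Alternatively set the flag in both branches directly after the `htmlentities()` call so the escaping decision sits next to the encoding it depends on. The enclosing code continues outside the hunk.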