From 0a1dd5b073f0dfc42439ab168246ae0ae6921414 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 May 2012 05:07:20 -0400
Subject: [PATCH] Add is_escaped attribute for html_select and html_textarea (#1488485)
---
program/include/rcmail.php | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index e684a15..ee98a36 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1329,11 +1329,12 @@
$attrib = $hook['attribs'];
if ($type == 'select') {
+ $attrib['is_escaped'] = true;
$select = new html_select($attrib);
// add no-selection option
if ($attrib['noselection']) {
- $select->add($rcmail->gettext($attrib['noselection']), '');
+ $select->add(html::quote($rcmail->gettext($attrib['noselection'])), '');
}
$rcmail->render_folder_tree_select($a_mailboxes, $mbox_name, $attrib['maxlength'], $select, $attrib['realnames']);
@@ -1362,7 +1363,7 @@
*/
public function folder_selector($p = array())
{
- $p += array('maxlength' => 100, 'realnames' => false);
+ $p += array('maxlength' => 100, 'realnames' => false, 'is_escaped' => true);
$a_mailboxes = array();
$storage = $this->get_storage();
@@ -1388,7 +1389,7 @@
$select = new html_select($p);
if ($p['noselection']) {
- $select->add($p['noselection'], '');
+ $select->add(html::quote($p['noselection']), '');
}
$this->render_folder_tree_select($a_mailboxes, $mbox, $p['maxlength'], $select, $p['realnames'], 0, $p);
@@ -1579,7 +1580,7 @@
}
}
- $select->add(str_repeat(' ', $nestLevel*4) . $foldername, $folder['id']);
+ $select->add(str_repeat(' ', $nestLevel*4) . html::quote($foldername), $folder['id']);
if (!empty($folder['folders'])) {
$out .= $this->render_folder_tree_select($folder['folders'], $mbox_name, $maxlength,
--
Gitblit v1.9.1