From 1b9923208c64f4d3494e185ac3d249df5fbb8552 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 21 Sep 2012 04:11:05 -0400
Subject: [PATCH] Re-fix HTML entities handling in addressbook names

---
 program/steps/addressbook/import.inc |    2 +-
 program/steps/addressbook/edit.inc   |    7 ++++---
 program/include/rcmail.php           |    2 +-
 program/steps/addressbook/func.inc   |    6 +++---
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 5a9a1fa..ee144fa 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -281,7 +281,7 @@
         }
         $list[$id] = array(
           'id'       => $id,
-          'name'     => $prop['name'],
+          'name'     => html::quote($prop['name']),
           'groups'   => is_array($prop['groups']),
           'readonly' => !$prop['writable'],
           'hidden'   => $prop['hidden'],
diff --git a/program/steps/addressbook/edit.inc b/program/steps/addressbook/edit.inc
index 90069a7..b216a7c 100644
--- a/program/steps/addressbook/edit.inc
+++ b/program/steps/addressbook/edit.inc
@@ -244,11 +244,12 @@
     if (count($sources_list) < 2) {
         $source = $sources_list[$SOURCE_ID];
         $hiddenfield = new html_hiddenfield(array('name' => '_source', 'value' => $SOURCE_ID));
-        return html::span($attrib, Q($source['name']) . $hiddenfield->show());
+        return html::span($attrib, $source['name'] . $hiddenfield->show());
     }
 
-    $attrib['name'] = '_source';
-    $attrib['onchange'] = JS_OBJECT_NAME . ".command('save', 'reload', this.form)";
+    $attrib['name']       = '_source';
+    $attrib['is_escaped'] = true;
+    $attrib['onchange']   = JS_OBJECT_NAME . ".command('save', 'reload', this.form)";
 
     $select = new html_select($attrib);
 
diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc
index 44d216c..4ef4d1b 100644
--- a/program/steps/addressbook/func.inc
+++ b/program/steps/addressbook/func.inc
@@ -178,7 +178,7 @@
         if (!$name && $source == 0) {
             $name = rcube_label('personaladrbook');
         }
-        $OUTPUT->set_env('sourcename', $name);
+        $OUTPUT->set_env('sourcename', html_entity_decode($name, ENT_COMPAT, 'UTF-8'));
     }
 }
 
@@ -219,13 +219,13 @@
         if ($source['class_name'])
             $class_name .= ' ' . $source['class_name'];
 
-        $name = !empty($source['name']) ? html_entity_decode($source['name'], ENT_COMPAT, 'UTF-8') : $id;
+        $name = !empty($source['name']) ? $source['name'] : $id;
         $out .= sprintf($line_templ,
             html_identifier($id),
             $class_name,
             Q(rcmail_url(null, array('_source' => $id))),
             $source['id'],
-            $js_id, Q($name));
+            $js_id, $name);
 
         $groupdata = array('out' => $out, 'jsdata' => $jsdata, 'source' => $id);
         if ($source['groups'])
diff --git a/program/steps/addressbook/import.inc b/program/steps/addressbook/import.inc
index 15e04b8..fb2251f 100644
--- a/program/steps/addressbook/import.inc
+++ b/program/steps/addressbook/import.inc
@@ -43,7 +43,7 @@
 
   // addressbook selector
   if (count($writable_books) > 1) {
-    $select = new html_select(array('name' => '_target', 'id' => 'rcmimporttarget'));
+    $select = new html_select(array('name' => '_target', 'id' => 'rcmimporttarget', 'is_escaped' => true));
 
     foreach ($writable_books as $book)
         $select->add($book['name'], $book['id']);

--
Gitblit v1.9.1