From 2ac00a258b9aa859ea78da25cd906e1709df5b75 Mon Sep 17 00:00:00 2001
From: Paweł Słowik <pawel.slowik@iq.pl>
Date: Thu, 30 Aug 2012 13:31:40 -0400
Subject: [PATCH] Sieve enotify/notify - parser

---
 program/include/html.php |   59 ++++++++++++++++++++++++++++++++++-------------------------
 1 files changed, 34 insertions(+), 25 deletions(-)

diff --git a/program/include/html.php b/program/include/html.php
index 305a397..c6507f8 100644
--- a/program/include/html.php
+++ b/program/include/html.php
@@ -17,10 +17,7 @@
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  +-----------------------------------------------------------------------+
-
- $Id$
-
- */
+*/
 
 
 /**
@@ -157,7 +154,7 @@
             $attr = array('src' => $attr);
         }
         return self::tag('img', $attr + array('alt' => ''), null, array_merge(self::$common_attrib,
-	        array('src','alt','width','height','border','usemap','onclick')));
+            array('src','alt','width','height','border','usemap','onclick')));
     }
 
     /**
@@ -174,7 +171,7 @@
             $attr = array('href' => $attr);
         }
         return self::tag('a', $attr, $cont, array_merge(self::$common_attrib,
-	    array('href','target','name','rel','onclick','onmouseover','onmouseout','onmousedown','onmouseup')));
+        array('href','target','name','rel','onclick','onmouseover','onmouseout','onmousedown','onmouseup')));
     }
 
     /**
@@ -298,7 +295,7 @@
                 }
             }
             else {
-                $attrib_arr[] = $key . '="' . self::quote($value) . '"';
+                $attrib_arr[] = $key . '="' . self::quote($value, true) . '"';
             }
         }
 
@@ -331,17 +328,20 @@
     /**
      * Replacing specials characters in html attribute value
      *
-     * @param  string  $str  Input string
+     * @param  string  $str       Input string
+     * @param  bool    $validate  Enables double quotation prevention
      *
      * @return string  The quoted string
      */
-    public static function quote($str)
+    public static function quote($str, $validate = false)
     {
         $str = htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET);
 
         // avoid douple quotation of &
-        // @TODO: get rid of it?
-        $str = preg_replace('/&amp;([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
+        // @TODO: get rid of it
+        if ($validate) {
+            $str = preg_replace('/&amp;([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
+        }
 
         return $str;
     }
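Review bot: The new `$validate` parameter of `quote()` reads as though `true` were the stricter mode, but `true` is what enables the `preg_replace` that turns `&amp;name;` and `&amp;#NN;` back into live entity references. Input text that merely looks like an entity is therefore emitted as a real one. The call sites in this patch that pass `true` (the attribute builder at -298, the textarea value at -558, the select options at -633) keep that pass-through, so any check made on the raw string before quoting does not see the characters the browser will decode. I would rename the flag, or at least document it as `@param bool $validate  When true, entity references (&name; / &#NN;) already present in $str are left intact instead of being escaped; pass false for untrusted text`. The `douple` typo in the comment could be fixed in the same pass.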
@@ -358,7 +358,7 @@
     protected $tagname = 'input';
     protected $type = 'text';
     protected $allowed = array(
-        'type','name','value','size','tabindex',
+        'type','name','value','size','tabindex','autocapitalize',
         'autocomplete','checked','onchange','onclick','disabled','readonly',
         'spellcheck','results','maxlength','src','multiple','placeholder',
     );
@@ -532,7 +532,7 @@
 {
     protected $tagname = 'textarea';
     protected $allowed = array('name','rows','cols','wrap','tabindex',
-	'onchange','disabled','readonly','spellcheck');
+        'onchange','disabled','readonly','spellcheck');
 
     /**
      * Get HTML code for this object
@@ -558,12 +558,12 @@
             unset($this->attrib['value']);
         }
 
-        if (!empty($value) && !preg_match('/mce_editor/', $this->attrib['class'])) {
-            $value = self::quote($value);
+        if (!empty($value) && empty($this->attrib['is_escaped'])) {
+            $value = self::quote($value, true);
         }
 
         return self::tag($this->tagname, $this->attrib, $value,
-	        array_merge(self::$common_attrib, $this->allowed));
+            array_merge(self::$common_attrib, $this->allowed));
     }
 }
 
@@ -591,7 +591,7 @@
     protected $tagname = 'select';
     protected $options = array();
     protected $allowed = array('name','size','tabindex','autocomplete',
-	'multiple','onchange','disabled','rel');
+        'multiple','onchange','disabled','rel');
 
     /**
      * Add a new option to this drop-down
@@ -633,7 +633,12 @@
                 'selected' => (in_array($option['value'], $select, true) ||
                   in_array($option['text'], $select, true)) ? 1 : null);
 
-            $this->content .= self::tag('option', $attr, self::quote($option['text']));
+            $option_content = $option['text'];
+            if (empty($this->attrib['is_escaped'])) {
+                $option_content = self::quote($option_content, true);
+            }
+
+            $this->content .= self::tag('option', $attr, $option_content);
         }
 
         return parent::show();
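Review bot: `is_escaped` is read from `$this->attrib`, the same array that carries caller-supplied HTML attributes, so a truthy `is_escaped` key turns off quoting for every option's text here (and for the textarea value in the -558 hunk) with no check that the content was actually escaped. Nothing in this patch documents the key or shows which callers set it. If any caller builds the attribute array from request data, this becomes an output-escaping bypass, so the key should at least be documented on the class, e.g. `// 'is_escaped' => true: content is already HTML-safe; never set from user input`. The textarea hunk also drops the old `mce_editor` class test, so callers that relied on it must now set `is_escaped` or their content will be escaped; those callers are outside this patch. The enclosing `show()` method starts above the hunk.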
@@ -650,7 +655,7 @@
 {
     protected $tagname = 'table';
     protected $allowed = array('id','class','style','width','summary',
-	    'cellpadding','cellspacing','border');
+        'cellpadding','cellspacing','border');
 
     private $header = array();
     private $rows = array();
@@ -700,8 +705,9 @@
      */
     public function add_header($attr, $cont)
     {
-        if (is_string($attr))
-    	    $attr = array('class' => $attr);
+        if (is_string($attr)) {
+            $attr = array('class' => $attr);
+        }
 
         $cell = new stdClass;
         $cell->attrib = $attr;
@@ -758,11 +764,13 @@
      */
     public function set_row_attribs($attr = array(), $index = null)
     {
-        if (is_string($attr))
-    	    $attr = array('class' => $attr);
+        if (is_string($attr)) {
+            $attr = array('class' => $attr);
+        }
 
-        if ($index === null)
+        if ($index === null) {
             $index = $this->rowindex;
+        }
 
         $this->rows[$index]->attrib = $attr;
     }
@@ -776,8 +784,9 @@
      */
     public function get_row_attribs($index = null)
     {
-        if ($index === null)
+        if ($index === null) {
             $index = $this->rowindex;
+        }
 
         return $this->rows[$index] ? $this->rows[$index]->attrib : null;
     }

--
Gitblit v1.9.1