From 2bca6e1da0e46f93297a7f60ff449b6c6ebac239 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Wed, 20 Dec 2006 09:06:33 -0500
Subject: [PATCH] New (strict) quoting for all kind of strings

---
 program/steps/mail/compose.inc |   53 +++++++++++++++++++++++++++--------------------------
 1 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index ddc8610..a50b1ec 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -447,25 +447,26 @@
       $lang_set = "googie.setLanguages(".array2js($CONFIG['spellcheck_languages']).");\n";
     
     $OUTPUT->include_script('googiespell.js');
-    $OUTPUT->add_script(sprintf("var googie = new GoogieSpell('\$__skin_path/images/googiespell/','%s&_action=spell&lang=');\n".
-                                "googie.lang_chck_spell = \"%s\";\n".
-                                "googie.lang_rsm_edt = \"%s\";\n".
-                                "googie.lang_close = \"%s\";\n".
-                                "googie.lang_revert = \"%s\";\n".
-                                "googie.lang_no_error_found = \"%s\";\n%s".
-                                "googie.setCurrentLanguage('%s');\n".
-                                "googie.decorateTextarea('%s');\n".
-                                "%s.set_env('spellcheck', googie);",
-                                $GLOBALS['COMM_PATH'],
-                                rep_specialchars_output(rcube_label('checkspelling')),
-                                rep_specialchars_output(rcube_label('resumeediting')),
-                                rep_specialchars_output(rcube_label('close')),
-                                rep_specialchars_output(rcube_label('revertto')),
-                                rep_specialchars_output(rcube_label('nospellerrors')),
-                                $lang_set,
-                                substr($_SESSION['user_lang'], 0, 2),
-                                $attrib['id'],
-                                $JS_OBJECT_NAME), 'foot');
+    $OUTPUT->add_script(sprintf(
+      "var googie = new GoogieSpell('\$__skin_path/images/googiespell/','%s&_action=spell&lang=');\n".
+      "googie.lang_chck_spell = \"%s\";\n".
+      "googie.lang_rsm_edt = \"%s\";\n".
+      "googie.lang_close = \"%s\";\n".
+      "googie.lang_revert = \"%s\";\n".
+      "googie.lang_no_error_found = \"%s\";\n%s".
+      "googie.setCurrentLanguage('%s');\n".
+      "googie.decorateTextarea('%s');\n".
+      "%s.set_env('spellcheck', googie);",
+      $GLOBALS['COMM_PATH'],
+      JQ(Q(rcube_label('checkspelling'))),
+      JQ(Q(rcube_label('resumeediting'))),
+      JQ(Q(rcube_label('close'))),
+      JQ(Q(rcube_label('revertto'))),
+      JQ(Q(rcube_label('nospellerrors'))),
+      $lang_set,
+      substr($_SESSION['user_lang'], 0, 2),
+      $attrib['id'],
+      $JS_OBJECT_NAME), 'foot');
 
     rcube_add_label('checking');
     }
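Review bot: Four arguments still reach the generated script unquoted: `$GLOBALS['COMM_PATH']`, `substr($_SESSION['user_lang'], 0, 2)` and `$attrib['id']` are substituted into single-quoted JavaScript literals, and `$JS_OBJECT_NAME` into bare code, while only the five labels go through `JQ(Q(...))`. If any of them can contain a quote or a backslash, the literal ends early and the remainder is parsed as script. Wrapping the string arguments, e.g. `JQ($attrib['id'])` and `JQ(substr($_SESSION['user_lang'], 0, 2))`, would bring them in line with the commit's stated goal. The same applies to the `gui_object('attachmentlist', '%s')` context line that closes the third hunk. Whether `Q()` before `JQ()` is right for the labels depends on whether googiespell.js inserts them as markup or as text, which is not visible here.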
@@ -552,10 +553,10 @@
         "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">From: </th><td>%s</td></tr>" .
         "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">To: </th><td>%s</td></tr>" .
         "</tbody></table><br>",
-                     rep_specialchars_output($MESSAGE['subject']),
-                     rep_specialchars_output($MESSAGE['headers']->date),
-                     rep_specialchars_output($IMAP->decode_header($MESSAGE['headers']->from)),
-                     rep_specialchars_output($IMAP->decode_header($MESSAGE['headers']->to)));
+                     Q($MESSAGE['subject']),
+                     Q($MESSAGE['headers']->date),
+                     Q($IMAP->decode_header($MESSAGE['headers']->from)),
+                     Q($IMAP->decode_header($MESSAGE['headers']->to)));
   }
 
   // add attachments
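Review bot: Nothing near these four arguments records that they are header values from the received message, and so sender-controlled, or that the surrounding `sprintf` builds HTML. A one-line comment above the argument list, such as `// header values are sender-controlled and end up in HTML: every argument must go through Q()`, would keep a later edit from adding an unescaped field. The `sprintf` call and the start of its format string lie outside the hunk.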
@@ -692,9 +693,9 @@
                       $id,
                       $JS_OBJECT_NAME,
                       $id,
-                      rcube_label('delete'), 
+                      Q(rcube_label('delete')),
                       $button,
-                      rep_specialchars_output($a_prop['name']));
+                      Q($a_prop['name']));
     }
 
   $OUTPUT->add_script(sprintf("%s.gui_object('attachmentlist', '%s');", $JS_OBJECT_NAME, $attrib['id']));  
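Review bot: `$id` is passed twice and `$button` once with no quoting, next to the two arguments that now go through `Q()`. The format string is outside the hunk, so it cannot be checked here which slots are HTML text, attribute values or script. If `$id` lands inside an inline handler next to `$JS_OBJECT_NAME`, it needs `JQ()` followed by `Q()` unless it is a server-generated index. A short comment stating where `$id` and `$button` come from, and why they are exempt from quoting, would settle this.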
@@ -895,7 +896,7 @@
   $a_contacts = array();
   while ($sql_arr = $DB->fetch_assoc($sql_result))
     if ($sql_arr['email'])
-      $a_contacts[] = format_email_recipient($sql_arr['email'], rep_specialchars_output($sql_arr['name'], 'js'));
+      $a_contacts[] = format_email_recipient($sql_arr['email'], JQ($sql_arr['name']));
   
   $OUTPUT->add_script(sprintf("$JS_OBJECT_NAME.set_env('contacts', %s);", array2js($a_contacts)));
   }
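Review bot: Only the display name is escaped here, and it is escaped before `format_email_recipient()` composes the recipient string rather than where the value is emitted. `$sql_arr['email']` goes into the same array element unescaped. If `array2js()` quotes its strings (its body is not in this hunk), the name is escaped twice and stray backslashes will show in the contact list. Escaping once at the output boundary is safer: `$a_contacts[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);` with `array2js()` responsible for quoting, or `JQ(format_email_recipient(...))` if it does not quote.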

--
Gitblit v1.9.1