From 2bca6e1da0e46f93297a7f60ff449b6c6ebac239 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Wed, 20 Dec 2006 09:06:33 -0500
Subject: [PATCH] New (strict) quoting for all kind of strings

---
 program/steps/mail/upload.inc |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/program/steps/mail/upload.inc b/program/steps/mail/upload.inc
index cde4ed2..50a6dba 100644
--- a/program/steps/mail/upload.inc
+++ b/program/steps/mail/upload.inc
@@ -49,16 +49,16 @@
     if (is_file($CONFIG['skin_path'] . '/images/icons/remove-attachment.png'))
       $button = sprintf('<img src="%s/images/icons/remove-attachment.png" alt="%s" border="0" style="padding-right:2px;vertical-align:middle" />',
                         $CONFIG['skin_path'],
-                        rcube_label('delete'));
+                        Q(rcube_label('delete')));
     else
-      $button = rcube_label('delete');
+      $button = Q(rcube_label('delete'));
 
     $content = sprintf('<a href="#delete" onclick="return %s.command(\\\'remove-attachment\\\', \\\'rcmfile%d\\\', this)" title="%s">%s</a>%s',
                        $JS_OBJECT_NAME,
                        $id,
-                       rcube_label('delete'),
-                       $button,
-                       rep_specialchars_output($_FILES['_attachments']['name'][$i], 'js'));
+                       JQ(Q(rcube_label('delete'))),
+                       JQ($button),
+                       JQ(Q($_FILES['_attachments']['name'][$i])));
 
     $response .= sprintf('parent.%s.add2attachment_list(\'rcmfile%d\',\'%s\');',
                          $JS_OBJECT_NAME,

--
Gitblit v1.9.1