From 2c89ca7298ea693facc0f72c32c71f2bdcaff329 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <bruederli@kolabsys.com>
Date: Wed, 08 Aug 2012 15:29:40 -0400
Subject: [PATCH] Backporting: Fix HTML entities handling in HTML editor (#1488483)

---
 program/steps/mail/compose.inc           |   10 +++++-----
 program/steps/settings/edit_identity.inc |    2 ++
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index d09b920..a13507f 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -715,7 +715,7 @@
   if ($isHtml) {
     $attrib['class'] = 'mce_editor';
     $textarea = new html_textarea($attrib);
-    $out .= $textarea->show($MESSAGE_BODY);
+    $out .= $textarea->show(htmlentities($MESSAGE_BODY, ENT_NOQUOTES, RCMAIL_CHARSET));
   }
   else {
     $textarea = new html_textarea($attrib);
@@ -900,18 +900,18 @@
         "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
       rcube_label('subject'), Q($MESSAGE->subject),
       rcube_label('date'), Q($date),
-      rcube_label('from'), htmlspecialchars(Q($MESSAGE->get_header('from'), 'replace'), ENT_COMPAT, $charset),
-      rcube_label('to'), htmlspecialchars(Q($MESSAGE->get_header('to'), 'replace'), ENT_COMPAT, $charset));
+      rcube_label('from'), Q($MESSAGE->get_header('from'), 'replace'),
+      rcube_label('to'), Q($MESSAGE->get_header('to'), 'replace'));
 
     if ($MESSAGE->headers->cc)
       $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
         rcube_label('cc'),
-        htmlspecialchars(Q($MESSAGE->get_header('cc'), 'replace'), ENT_COMPAT, $charset));
+        Q($MESSAGE->get_header('cc'), 'replace'));
 
     if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from)
       $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
         rcube_label('replyto'),
-        htmlspecialchars(Q($MESSAGE->get_header('replyto'), 'replace'), ENT_COMPAT, $charset));
+        Q($MESSAGE->get_header('replyto'), 'replace'));
 
     $prefix .= "</tbody></table><br>";
   }
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index a42e8d0..0b71535 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -88,6 +88,8 @@
     $form['signature']['content']['signature']['class'] = 'mce_editor';
   }
 
+  $IDENTITY_RECORD['signature'] = htmlentities($IDENTITY_RECORD['signature'], ENT_NOQUOTES, RCMAIL_CHARSET);
+
   // disable some field according to access level
   if (IDENTITIES_LEVEL == 1 || IDENTITIES_LEVEL == 3) {
     $form['addressing']['content']['email']['disabled'] = true;

--
Gitblit v1.9.1