From 4fdaa02ac724e597479a4a48388a8a10101000fd Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 06 Apr 2013 13:28:47 -0400
Subject: [PATCH] Fix handling of invalid characters in message headers and output (#1489032)

---
 program/lib/Roundcube/html.php |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/program/lib/Roundcube/html.php b/program/lib/Roundcube/html.php
index 5927203..7b30e60 100644
--- a/program/lib/Roundcube/html.php
+++ b/program/lib/Roundcube/html.php
@@ -35,6 +35,7 @@
     public static $common_attrib = array('id','class','style','title','align');
     public static $containers = array('iframe','div','span','p','h1','h2','h3','form','textarea','table','thead','tbody','tr','th','td','style','script');
 
+
     /**
      * Constructor
      *
@@ -332,7 +333,16 @@
      */
     public static function quote($str)
     {
-        return @htmlspecialchars($str, ENT_COMPAT, RCUBE_CHARSET);
+        static $flags;
+
+        if (!$flags) {
+            $flags = ENT_COMPAT;
+            if (defined('ENT_SUBSTITUTE')) {
+                $flags |= ENT_SUBSTITUTE;
+            }
+        }
+
+        return @htmlspecialchars($str, $flags, RCUBE_CHARSET);
     }
 }
 

--
Gitblit v1.9.1