From 55150f858fc5b46eefed76687352283d4ef1503c Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Fri, 27 May 2011 09:20:46 -0400
Subject: [PATCH] - Fix handling of "<" character in group name

---
 program/steps/addressbook/groups.inc |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/program/steps/addressbook/groups.inc b/program/steps/addressbook/groups.inc
index 4c70bf1..2517873 100644
--- a/program/steps/addressbook/groups.inc
+++ b/program/steps/addressbook/groups.inc
@@ -68,7 +68,7 @@
 }
 
 else if ($RCMAIL->action == 'group-create') {
-  if ($name = trim(get_input_value('_name', RCUBE_INPUT_POST))) {
+  if ($name = trim(get_input_value('_name', RCUBE_INPUT_POST, true))) {
     $plugin = $RCMAIL->plugins->exec_hook('group_create', array('name' => $name, 'source' => $source));
 
     if (!$plugin['abort'])
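Review bot: Passing `true` as the third argument to `get_input_value()` here, and again in the group-rename hunk, turns off tag stripping for `_name`, so the raw string is what reaches the `group_create` / `group_rename` plugin hooks and, presumably, the address book backend. From then on the name is only safe where it is explicitly escaped on output, and this commit adds `Q()` only in the two AJAX responses. Any other place that renders group names (none is visible in this diff) should be checked for the same encoding. A comment above the condition would record the contract, e.g. `// $name is raw user input (HTML not stripped) - escape with Q() wherever it is rendered`. The enclosing branch continues past the end of the hunk, so how `$name` is stored cannot be confirmed from here.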
@@ -78,6 +78,7 @@
   }
 
   if ($created && $OUTPUT->ajax_call) {
+    $created['name'] = Q($created['name']);
     $OUTPUT->show_message('groupcreated', 'confirmation');
     $OUTPUT->command('insert_contact_group', array('source' => $source) + $created);
   }
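Review bot: `$created['name'] = Q($created['name']);` overwrites the record with its HTML-encoded form, so any later code that reads `$created` would see the encoded name rather than the stored one. Encoding at the point of output, as the group-rename hunk does with `Q($newname)`, keeps the two apart: `$OUTPUT->command('insert_contact_group', array('source' => $source, 'name' => Q($created['name'])) + $created);` (the left operand of `+` wins for duplicate keys). Both this and the rename response are correct only if the client-side handlers insert `name` as HTML. If they set it as text, the user would see entities such as `&lt;`, so that assumption deserves a short comment next to each `Q()` call. The rest of the group-create branch lies outside the hunk.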
@@ -87,7 +88,7 @@
 }
 
 else if ($RCMAIL->action == 'group-rename') {
-  if (($gid = get_input_value('_gid', RCUBE_INPUT_POST)) && ($name = trim(get_input_value('_name', RCUBE_INPUT_POST)))) {
+  if (($gid = get_input_value('_gid', RCUBE_INPUT_POST)) && ($name = trim(get_input_value('_name', RCUBE_INPUT_POST, true)))) {
     $plugin = $RCMAIL->plugins->exec_hook('group_rename', array('group_id' => $gid, 'name' => $name, 'source' => $source));
 
     if (!$plugin['abort'])
@@ -99,7 +100,7 @@
   if ($newname && $OUTPUT->ajax_call) {
     $OUTPUT->show_message('grouprenamed', 'confirmation');
     $OUTPUT->command('update_contact_group', array(
-      'source' => $source, 'id' => $gid, 'name' => $newname, 'newid' => $newgid));
+      'source' => $source, 'id' => $gid, 'name' => Q($newname), 'newid' => $newgid));
   }
   else if (!$newname)
     $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsaving', 'error');

--
Gitblit v1.9.1