From 7c8fd8031038e7958ef4dbb059e86decd6fefa28 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 30 Jun 2012 12:41:18 -0400
Subject: [PATCH] Show explicit error message when provided hostname is invalid (#1488550)

---
 program/include/html.php |   29 +++++++++++++++++------------
 1 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/program/include/html.php b/program/include/html.php
index 305a397..b42da1d 100644
--- a/program/include/html.php
+++ b/program/include/html.php
@@ -17,10 +17,7 @@
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  +-----------------------------------------------------------------------+
-
- $Id$
-
- */
+*/
 
 
 /**
@@ -298,7 +295,7 @@
                 }
             }
             else {
-                $attrib_arr[] = $key . '="' . self::quote($value) . '"';
+                $attrib_arr[] = $key . '="' . self::quote($value, true) . '"';
             }
         }
 
@@ -331,17 +328,20 @@
     /**
      * Replacing specials characters in html attribute value
      *
-     * @param  string  $str  Input string
+     * @param  string  $str       Input string
+     * @param  bool    $validate  Enables double quotation prevention
      *
      * @return string  The quoted string
      */
-    public static function quote($str)
+    public static function quote($str, $validate = false)
     {
         $str = htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET);
 
         // avoid douple quotation of &
-        // @TODO: get rid of it?
-        $str = preg_replace('/&amp;([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
+        // @TODO: get rid of it
+        if ($validate) {
+            $str = preg_replace('/&amp;([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
+        }
 
         return $str;
     }
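Review bot: The new `$validate` flag is named and documented as if `true` were the stricter mode, but in `quote()` it is the branch that undoes escaping: `&amp;name;` and `&amp;#NN;` are turned back into live character references. The attribute-building call in the earlier hunk (`self::quote($value, true)`) and the textarea and option calls in the later hunks all pass `true`, so for those outputs the text the browser decodes can differ from the string any earlier check inspected, which matters most for URL-bearing attributes. I would say so in the docblock, for example `@param bool $validate When true, existing entities (&name; / &#NN;) pass through unescaped; keep false for untrusted input`, and fix the `douple` typo in the inline comment. `preg_replace()` returns null on a PCRE error, so the result could also be checked before it is returned.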
@@ -558,8 +558,8 @@
             unset($this->attrib['value']);
         }
 
-        if (!empty($value) && !preg_match('/mce_editor/', $this->attrib['class'])) {
-            $value = self::quote($value);
+        if (!empty($value) && empty($this->attrib['is_escaped'])) {
+            $value = self::quote($value, true);
         }
 
         return self::tag($this->tagname, $this->attrib, $value,
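Review bot: The `empty($this->attrib['is_escaped'])` test turns escaping off for any truthy attribute value, including the string `"false"`, and once it is off `$value` is emitted as raw element content. The same test is repeated in the option-rendering hunk below. If the attribute array can be filled from template tags or other non-code input (not visible here), that is an escaping opt-out reachable from data; a strict check such as `if (!empty($value) && (!isset($this->attrib['is_escaped']) || $this->attrib['is_escaped'] !== true))` narrows it to explicit code callers. It is also worth confirming that `is_escaped` is absent from the allowed-attribute list passed to `self::tag()`, whose argument list continues past the end of this hunk, so the flag is not rendered into the markup.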
@@ -633,7 +633,12 @@
                 'selected' => (in_array($option['value'], $select, true) ||
                   in_array($option['text'], $select, true)) ? 1 : null);
 
-            $this->content .= self::tag('option', $attr, self::quote($option['text']));
+            $option_content = $option['text'];
+            if (empty($this->attrib['is_escaped'])) {
+                $option_content = self::quote($option_content, true);
+            }
+
+            $this->content .= self::tag('option', $attr, $option_content);
         }
 
         return parent::show();

--
Gitblit v1.9.1