From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/settings/edit_response.inc |    9 ++++-----
 1 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/program/steps/settings/edit_response.inc b/program/steps/settings/edit_response.inc
index 760f282..7f3ac50 100644
--- a/program/steps/settings/edit_response.inc
+++ b/program/steps/settings/edit_response.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/settings/edit_response.inc                              |
  |                                                                       |
@@ -35,7 +35,7 @@
 // save response
 if ($RCMAIL->action == 'save-response' && isset($_POST['_name']) && !$RESPONSE_RECORD['static']) {
     $name = trim(rcube_utils::get_input_value('_name', rcube_utils::INPUT_POST));
-    $text = trim(rcube_utils::get_input_value('_text', rcube_utils::INPUT_POST));
+    $text = trim(rcube_utils::get_input_value('_text', rcube_utils::INPUT_POST, true));
 
     if (!empty($name) && !empty($text)) {
         $dupes = 0;
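Review bot: Passing `true` as the third argument of `rcube_utils::get_input_value()` for `_text` switches off the markup filtering that `_name` on the line above still gets, so the response text is now stored exactly as the client sent it. That is reasonable for a plain-text response that may legitimately contain `<...>`, but it moves the whole burden to output. Every place that later renders the stored text has to encode it for its context, and none of those sinks is visible in this hunk. I would add a comment on the changed line, e.g. `// allow_html=true: text is kept raw and must be escaped wherever it is rendered`, and confirm that the text field built in `rcube_response_form()` encodes its value. The enclosing `if` block continues past the end of the hunk.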
@@ -72,14 +72,14 @@
 
 $OUTPUT->set_env('readonly', !empty($RESPONSE_RECORD['static']));
 $OUTPUT->add_handler('responseform', 'rcube_response_form');
-$OUTPUT->set_pagetitle($RCMAIL->gettext($RCMAIL->action == 'add-response' ? 'savenewresponse' : 'editresponse'));
+$OUTPUT->set_pagetitle($RCMAIL->gettext($RCMAIL->action == 'add-response' ? 'addresponse' : 'editresponse'));
 
 $OUTPUT->send('responseedit');
 
 
 function rcube_response_form($attrib)
 {
-    global $RCMAIL, $OUTPUT, $RESPONSE_RECORD;
+    global $RCMAIL, $RESPONSE_RECORD;
 
     // Set form tags and hidden fields
     $disabled = !empty($RESPONSE_RECORD['static']);
@@ -91,7 +91,6 @@
     $out = "$form_start\n";
 
     $table = new html_table(array('cols' => 2));
-    $label = $RCMAIL->gettext('responsename');
 
     $table->add('title', html::label('ffname', rcube::Q($RCMAIL->gettext('responsename'))));
     $table->add(null, rcube_output::get_edit_field('name', $RESPONSE_RECORD['name'],

--
Gitblit v1.9.1