From fa8f6e610ce50d9373832f1a5a846a9183f8d81d Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Tue, 24 Jul 2012 06:19:18 -0400
Subject: [PATCH] Correctly quote localized labels when used in javascript variables (#1488567)

---
 program/include/rcube_output_html.php |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/program/include/rcube_output_html.php b/program/include/rcube_output_html.php
index 7ceea18..30201fd 100644
--- a/program/include/rcube_output_html.php
+++ b/program/include/rcube_output_html.php
@@ -699,7 +699,15 @@
                     $vars = $attrib + array('product' => $this->config->get('product_name'));
                     unset($vars['name'], $vars['command']);
                     $label = $this->app->gettext($attrib + array('vars' => $vars));
-                    return !$attrib['noshow'] ? (get_boolean((string)$attrib['html']) ? $label : html::quote($label)) : '';
+                    $quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (get_boolean((string)$attrib['html']) ? 'no' : '');
+                    switch ($quoting) {
+                        case 'no':
+                        case 'raw': break;
+                        case 'javascript':
+                        case 'js': $label = rcmail::JQ($label); break;
+                        default:   $label = html::quote($label); break;
+                    }
+                    return !$attrib['noshow'] ? $label : '';
                 }
                 break;
 

--
Gitblit v1.9.1