diff options
| author | Thomas Bruederli <thomas@roundcube.net> | 2012-07-24 12:19:18 +0200 |
|---|---|---|
| committer | Thomas Bruederli <thomas@roundcube.net> | 2012-07-24 12:19:18 +0200 |
| commit | fa8f6e610ce50d9373832f1a5a846a9183f8d81d (patch) | |
| tree | f3a44018a13e827ffbf5a5cc3395367fbe55e547 | |
| parent | e19fafae04c6733a3c8ccddf9a6565ef2b40dce5 (diff) | |
Correctly quote localized labels when used in javascript variables (#1488567)
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/include/rcube_output_html.php | 10 | ||||
| -rw-r--r-- | skins/larry/includes/footer.html | 2 |
3 files changed, 11 insertions, 2 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Correctly escape localized labels in javascript variable (#1488567) - Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#1488571) - Don't add attachments content into reply/forward/draft message body (#1488557) - Fix 'no connection' errors on page unloads (#1488547) diff --git a/program/include/rcube_output_html.php b/program/include/rcube_output_html.php index 7ceea1839..30201fd04 100644 --- a/program/include/rcube_output_html.php +++ b/program/include/rcube_output_html.php @@ -699,7 +699,15 @@ class rcube_output_html extends rcube_output $vars = $attrib + array('product' => $this->config->get('product_name')); unset($vars['name'], $vars['command']); $label = $this->app->gettext($attrib + array('vars' => $vars)); - return !$attrib['noshow'] ? (get_boolean((string)$attrib['html']) ? $label : html::quote($label)) : ''; + $quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (get_boolean((string)$attrib['html']) ? 'no' : ''); + switch ($quoting) { + case 'no': + case 'raw': break; + case 'javascript': + case 'js': $label = rcmail::JQ($label); break; + default: $label = html::quote($label); break; + } + return !$attrib['noshow'] ? $label : ''; } break; diff --git a/skins/larry/includes/footer.html b/skins/larry/includes/footer.html index 4a6f8f09c..ee93fcf57 100644 --- a/skins/larry/includes/footer.html +++ b/skins/larry/includes/footer.html @@ -3,7 +3,7 @@ // UI startup var UI = new rcube_mail_ui(); $(document).ready(function(){ - UI.set('errortitle', '<roundcube:label name="errortitle" />'); + UI.set('errortitle', '<roundcube:label name="errortitle" quoting="javascript" />'); UI.init(); }); |