diff options
author | Aleksander Machniak <alec@alec.pl> | 2013-06-26 18:32:28 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-06-26 18:32:28 +0200 |
commit | 357dc9722869e77323d2e02773da1b54bd1737c9 (patch) | |
tree | 56cb93177cdc90b8db21ce349f5077a4a7b6cefe | |
parent | daa131395e25765b2cd0c31302e0fa9021528b9e (diff) |
Fix handling of &, <, > characters in scripts/filter names (#1489208)
-rw-r--r-- | plugins/managesieve/Changelog | 2 | ||||
-rw-r--r-- | plugins/managesieve/managesieve.js | 8 | ||||
-rw-r--r-- | plugins/managesieve/managesieve.php | 6 |
3 files changed, 9 insertions, 7 deletions
diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog index 5f31d311c..159cc3ef9 100644 --- a/plugins/managesieve/Changelog +++ b/plugins/managesieve/Changelog @@ -1,3 +1,5 @@ +- Fix handling of &, <, > characters in scripts/filter names (#1489208) + * version 6.2 [2013-02-17] ----------------------------------------------------------- - Support tls:// prefix in managesieve_host option diff --git a/plugins/managesieve/managesieve.js b/plugins/managesieve/managesieve.js index 04b9a76af..035ed7bec 100644 --- a/plugins/managesieve/managesieve.js +++ b/plugins/managesieve/managesieve.js @@ -258,7 +258,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) var i, row = $('#rcmrow'+this.managesieve_rowid(o.id)); if (o.name) - $('td', row).html(o.name); + $('td', row).text(o.name); if (o.disabled) row.addClass('disabled'); else @@ -273,7 +273,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) var list = this.filters_list, row = $('<tr><td class="name"></td></tr>'); - $('td', row).html(o.name); + $('td', row).text(o.name); row.attr('id', 'rcmrow'+o.id); if (o.disabled) row.addClass('disabled'); @@ -297,7 +297,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) tr = document.createElement('TR'); td = document.createElement('TD'); - td.innerHTML = el.name; + $(td).text(el.name); td.className = 'name'; tr.id = 'rcmrow' + el.id; if (el['class']) @@ -346,7 +346,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) list = this.filtersets_list, row = $('<tr class="disabled"><td class="name"></td></tr>'); - $('td', row).html(o.name); + $('td', row).text(o.name); row.attr('id', 'rcmrow'+id); this.env.filtersets[id] = o.name; diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php index 2f558faa7..80face70a 100644 --- a/plugins/managesieve/managesieve.php +++ b/plugins/managesieve/managesieve.php @@ -967,7 +967,7 @@ class managesieve extends rcube_plugin $this->rc->output->command('parent.managesieve_updatelist', isset($new) ? 'add' : 'update', array( - 'name' => Q($this->form['name']), + 'name' => $this->form['name'], 'id' => $fid, 'disabled' => $this->form['disabled'] )); @@ -1049,7 +1049,7 @@ class managesieve extends rcube_plugin foreach ($list as $idx => $set) { $scripts['S'.$idx] = $set; $result[] = array( - 'name' => Q($set), + 'name' => $set, 'id' => 'S'.$idx, 'class' => !in_array($set, $this->active) ? 'disabled' : '', ); @@ -2039,7 +2039,7 @@ class managesieve extends rcube_plugin $fname = $filter['name'] ? $filter['name'] : "#$i"; $result[] = array( 'id' => $idx, - 'name' => Q($fname), + 'name' => $fname, 'class' => $filter['disabled'] ? 'disabled' : '', ); $i++; |