summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-06-26 18:32:28 +0200
committerAleksander Machniak <alec@alec.pl>2013-06-26 18:32:28 +0200
commit357dc9722869e77323d2e02773da1b54bd1737c9 (patch)
tree56cb93177cdc90b8db21ce349f5077a4a7b6cefe
parentdaa131395e25765b2cd0c31302e0fa9021528b9e (diff)
Fix handling of &, <, > characters in scripts/filter names (#1489208)
-rw-r--r--plugins/managesieve/Changelog2
-rw-r--r--plugins/managesieve/managesieve.js8
-rw-r--r--plugins/managesieve/managesieve.php6
3 files changed, 9 insertions, 7 deletions
diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog
index 5f31d311c..159cc3ef9 100644
--- a/plugins/managesieve/Changelog
+++ b/plugins/managesieve/Changelog
@@ -1,3 +1,5 @@
+- Fix handling of &, <, > characters in scripts/filter names (#1489208)
+
* version 6.2 [2013-02-17]
-----------------------------------------------------------
- Support tls:// prefix in managesieve_host option
diff --git a/plugins/managesieve/managesieve.js b/plugins/managesieve/managesieve.js
index 04b9a76af..035ed7bec 100644
--- a/plugins/managesieve/managesieve.js
+++ b/plugins/managesieve/managesieve.js
@@ -258,7 +258,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o)
var i, row = $('#rcmrow'+this.managesieve_rowid(o.id));
if (o.name)
- $('td', row).html(o.name);
+ $('td', row).text(o.name);
if (o.disabled)
row.addClass('disabled');
else
@@ -273,7 +273,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o)
var list = this.filters_list,
row = $('<tr><td class="name"></td></tr>');
- $('td', row).html(o.name);
+ $('td', row).text(o.name);
row.attr('id', 'rcmrow'+o.id);
if (o.disabled)
row.addClass('disabled');
@@ -297,7 +297,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o)
tr = document.createElement('TR');
td = document.createElement('TD');
- td.innerHTML = el.name;
+ $(td).text(el.name);
td.className = 'name';
tr.id = 'rcmrow' + el.id;
if (el['class'])
@@ -346,7 +346,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o)
list = this.filtersets_list,
row = $('<tr class="disabled"><td class="name"></td></tr>');
- $('td', row).html(o.name);
+ $('td', row).text(o.name);
row.attr('id', 'rcmrow'+id);
this.env.filtersets[id] = o.name;
diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php
index 2f558faa7..80face70a 100644
--- a/plugins/managesieve/managesieve.php
+++ b/plugins/managesieve/managesieve.php
@@ -967,7 +967,7 @@ class managesieve extends rcube_plugin
$this->rc->output->command('parent.managesieve_updatelist',
isset($new) ? 'add' : 'update',
array(
- 'name' => Q($this->form['name']),
+ 'name' => $this->form['name'],
'id' => $fid,
'disabled' => $this->form['disabled']
));
@@ -1049,7 +1049,7 @@ class managesieve extends rcube_plugin
foreach ($list as $idx => $set) {
$scripts['S'.$idx] = $set;
$result[] = array(
- 'name' => Q($set),
+ 'name' => $set,
'id' => 'S'.$idx,
'class' => !in_array($set, $this->active) ? 'disabled' : '',
);
@@ -2039,7 +2039,7 @@ class managesieve extends rcube_plugin
$fname = $filter['name'] ? $filter['name'] : "#$i";
$result[] = array(
'id' => $idx,
- 'name' => Q($fname),
+ 'name' => $fname,
'class' => $filter['disabled'] ? 'disabled' : '',
);
$i++;