summaryrefslogtreecommitdiff
path: root/plugins/managesieve
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-06-26 18:26:39 +0200
committerAleksander Machniak <alec@alec.pl>2013-06-26 18:26:39 +0200
commitd6b592941da7017c86ecb8fb81f9ffc515995b4f (patch)
tree45131400bf595cf55a8966261810b876449031ce /plugins/managesieve
parent1b52cfc45fc2348e9d2c9847a9c775096d0ff21d (diff)
Fix handling of &, <, > characters in scripts/filter names (#1489208)
Diffstat (limited to 'plugins/managesieve')
-rw-r--r--plugins/managesieve/Changelog1
-rw-r--r--plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php4
-rw-r--r--plugins/managesieve/managesieve.js8
3 files changed, 7 insertions, 6 deletions
diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog
index 2b28f61d5..daee91a70 100644
--- a/plugins/managesieve/Changelog
+++ b/plugins/managesieve/Changelog
@@ -3,6 +3,7 @@
- Support string list arguments in filter form (#1489018)
- Support date, currendate and index tests - RFC5260 (#1488120)
- Split plugin file into two files
+- Fix handling of &, <, > characters in scripts/filter names (#1489208)
* version 6.2 [2013-02-17]
-----------------------------------------------------------
diff --git a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
index ac942d292..f29c9fb40 100644
--- a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
+++ b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
@@ -1014,7 +1014,7 @@ class rcube_sieve_engine
foreach ($list as $idx => $set) {
$scripts['S'.$idx] = $set;
$result[] = array(
- 'name' => rcube::Q($set),
+ 'name' => $set,
'id' => 'S'.$idx,
'class' => !in_array($set, $this->active) ? 'disabled' : '',
);
@@ -2111,7 +2111,7 @@ class rcube_sieve_engine
$fname = $filter['name'] ? $filter['name'] : "#$i";
$result[] = array(
'id' => $idx,
- 'name' => rcube::Q($fname),
+ 'name' => $fname,
'class' => $filter['disabled'] ? 'disabled' : '',
);
$i++;
diff --git a/plugins/managesieve/managesieve.js b/plugins/managesieve/managesieve.js
index f6bf4b47c..5a75ef1fd 100644
--- a/plugins/managesieve/managesieve.js
+++ b/plugins/managesieve/managesieve.js
@@ -263,7 +263,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o)
var i, row = $('#rcmrow'+this.managesieve_rowid(o.id));
if (o.name)
- $('td', row).html(o.name);
+ $('td', row).text(o.name);
if (o.disabled)
row.addClass('disabled');
else
@@ -278,7 +278,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o)
var list = this.filters_list,
row = $('<tr><td class="name"></td></tr>');
- $('td', row).html(o.name);
+ $('td', row).text(o.name);
row.attr('id', 'rcmrow'+o.id);
if (o.disabled)
row.addClass('disabled');
@@ -302,7 +302,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o)
tr = document.createElement('TR');
td = document.createElement('TD');
- td.innerHTML = el.name;
+ $(td).text(el.name);
td.className = 'name';
tr.id = 'rcmrow' + el.id;
if (el['class'])
@@ -351,7 +351,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o)
list = this.filtersets_list,
row = $('<tr class="disabled"><td class="name"></td></tr>');
- $('td', row).html(o.name);
+ $('td', row).text(o.name);
row.attr('id', 'rcmrow'+id);
this.env.filtersets[id] = o.name;