diff options
author | Aleksander Machniak <alec@alec.pl> | 2013-06-26 18:26:39 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-06-26 18:26:39 +0200 |
commit | d6b592941da7017c86ecb8fb81f9ffc515995b4f (patch) | |
tree | 45131400bf595cf55a8966261810b876449031ce /plugins/managesieve | |
parent | 1b52cfc45fc2348e9d2c9847a9c775096d0ff21d (diff) |
Fix handling of &, <, > characters in scripts/filter names (#1489208)
Diffstat (limited to 'plugins/managesieve')
-rw-r--r-- | plugins/managesieve/Changelog | 1 | ||||
-rw-r--r-- | plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php | 4 | ||||
-rw-r--r-- | plugins/managesieve/managesieve.js | 8 |
3 files changed, 7 insertions, 6 deletions
diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog index 2b28f61d5..daee91a70 100644 --- a/plugins/managesieve/Changelog +++ b/plugins/managesieve/Changelog @@ -3,6 +3,7 @@ - Support string list arguments in filter form (#1489018) - Support date, currendate and index tests - RFC5260 (#1488120) - Split plugin file into two files +- Fix handling of &, <, > characters in scripts/filter names (#1489208) * version 6.2 [2013-02-17] ----------------------------------------------------------- diff --git a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php index ac942d292..f29c9fb40 100644 --- a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php +++ b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php @@ -1014,7 +1014,7 @@ class rcube_sieve_engine foreach ($list as $idx => $set) { $scripts['S'.$idx] = $set; $result[] = array( - 'name' => rcube::Q($set), + 'name' => $set, 'id' => 'S'.$idx, 'class' => !in_array($set, $this->active) ? 'disabled' : '', ); @@ -2111,7 +2111,7 @@ class rcube_sieve_engine $fname = $filter['name'] ? $filter['name'] : "#$i"; $result[] = array( 'id' => $idx, - 'name' => rcube::Q($fname), + 'name' => $fname, 'class' => $filter['disabled'] ? 'disabled' : '', ); $i++; diff --git a/plugins/managesieve/managesieve.js b/plugins/managesieve/managesieve.js index f6bf4b47c..5a75ef1fd 100644 --- a/plugins/managesieve/managesieve.js +++ b/plugins/managesieve/managesieve.js @@ -263,7 +263,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) var i, row = $('#rcmrow'+this.managesieve_rowid(o.id)); if (o.name) - $('td', row).html(o.name); + $('td', row).text(o.name); if (o.disabled) row.addClass('disabled'); else @@ -278,7 +278,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) var list = this.filters_list, row = $('<tr><td class="name"></td></tr>'); - $('td', row).html(o.name); + $('td', row).text(o.name); row.attr('id', 'rcmrow'+o.id); if (o.disabled) row.addClass('disabled'); @@ -302,7 +302,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) tr = document.createElement('TR'); td = document.createElement('TD'); - td.innerHTML = el.name; + $(td).text(el.name); td.className = 'name'; tr.id = 'rcmrow' + el.id; if (el['class']) @@ -351,7 +351,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) list = this.filtersets_list, row = $('<tr class="disabled"><td class="name"></td></tr>'); - $('td', row).html(o.name); + $('td', row).text(o.name); row.attr('id', 'rcmrow'+id); this.env.filtersets[id] = o.name; |