summaryrefslogtreecommitdiff
path: root/program/include/html.php
diff options
context:
space:
mode:
authorThomas Bruederli <thomas@roundcube.net>2012-09-23 22:44:13 +0200
committerThomas Bruederli <thomas@roundcube.net>2012-09-23 22:44:13 +0200
commit0c144b98a417d50b9c073ae3931fdad47390f1f7 (patch)
treee1a94ada7e5e06fc7c21de13dbb3f86f88634ec7 /program/include/html.php
parent8f098e8dead85b6512ac72b2d805314baec72a2f (diff)
parente695162ef76054050e4181e4d28f28cf1981386b (diff)
Merge branch 'master' of github.com:roundcube/roundcubemail
Diffstat (limited to 'program/include/html.php')
-rw-r--r--program/include/html.php23
1 files changed, 7 insertions, 16 deletions
diff --git a/program/include/html.php b/program/include/html.php
index c6507f813..948794283 100644
--- a/program/include/html.php
+++ b/program/include/html.php
@@ -295,7 +295,7 @@ class html
}
}
else {
- $attrib_arr[] = $key . '="' . self::quote($value, true) . '"';
+ $attrib_arr[] = $key . '="' . self::quote($value) . '"';
}
}
@@ -328,22 +328,13 @@ class html
/**
* Replacing specials characters in html attribute value
*
- * @param string $str Input string
- * @param bool $validate Enables double quotation prevention
+ * @param string $str Input string
*
- * @return string The quoted string
+ * @return string The quoted string
*/
- public static function quote($str, $validate = false)
+ public static function quote($str)
{
- $str = htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET);
-
- // avoid douple quotation of &
- // @TODO: get rid of it
- if ($validate) {
- $str = preg_replace('/&amp;([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
- }
-
- return $str;
+ return htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET);
}
}
@@ -559,7 +550,7 @@ class html_textarea extends html
}
if (!empty($value) && empty($this->attrib['is_escaped'])) {
- $value = self::quote($value, true);
+ $value = self::quote($value);
}
return self::tag($this->tagname, $this->attrib, $value,
@@ -635,7 +626,7 @@ class html_select extends html
$option_content = $option['text'];
if (empty($this->attrib['is_escaped'])) {
- $option_content = self::quote($option_content, true);
+ $option_content = self::quote($option_content);
}
$this->content .= self::tag('option', $attr, $option_content);