author | Aleksander Machniak <alec@alec.pl> | 2012-09-27 08:27:02 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2012-09-27 08:27:02 +0200 |
commit | 700dc66c679f0ae6e16c9d016a15bee4269371e6 (patch) | |
tree | 21f30c64e3f2559d015777ec7798855d32be24b5 /program/include/html.php | |
parent | 18df6f38adb9fb067af104e4cf9484904bf49365 (diff) | |
parent | dc8f292b215719506c2ab0abd8429f4c5ec5c0ed (diff) |
Merge branch 'master' of github.com:roundcube/roundcubemail
Diffstat (limited to 'program/include/html.php')
-rw-r--r-- | program/include/html.php | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/program/include/html.php b/program/include/html.php
index c6507f813..948794283 100644
--- a/program/include/html.php
+++ b/program/include/html.php
@@ -295,7 +295,7 @@ class html
 }
 }
 else {
- $attrib_arr[] = $key . '="' . self::quote($value, true) . '"';
+ $attrib_arr[] = $key . '="' . self::quote($value) . '"';
 }
 }
@@ -328,22 +328,13 @@ class html
 /**
 * Replacing specials characters in html attribute value
 *
- * @param string $str Input string
- * @param bool $validate Enables double quotation prevention
+ * @param string $str Input string
 *
- * @return string The quoted string
+ * @return string The quoted string
 */
- public static function quote($str, $validate = false)
+ public static function quote($str)
 {
- $str = htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET);
-
- // avoid douple quotation of &
- // @TODO: get rid of it
- if ($validate) {
- $str = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
- }
-
- return $str;
+ return htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET);
 }
 }
@@ -559,7 +550,7 @@ class html_textarea extends html
 }
 if (!empty($value) && empty($this->attrib['is_escaped'])) {
- $value = self::quote($value, true);
+ $value = self::quote($value);
 }
 return self::tag($this->tagname, $this->attrib, $value,
@@ -635,7 +626,7 @@ class html_select extends html
 $option_content = $option['text'];
 if (empty($this->attrib['is_escaped'])) {
- $option_content = self::quote($option_content, true);
+ $option_content = self::quote($option_content);
 }
 $this->content .= self::tag('option', $attr, $option_content);
|
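Review bot: In the `else` branch only the attribute value goes through `self::quote()`; `$key` is still concatenated into the markup as-is. The enclosing method starts and ends outside this hunk, so it may already restrict keys to an allow-list, but if it does not, an attribute name taken from a caller-supplied array reaches the output unescaped. I would add a comment above the line such as `// $key must be a trusted or allow-listed attribute name; only $value is escaped here`, or skip keys that fail `preg_match('/^[a-zA-Z][a-zA-Z0-9_:-]*$/', $key)`. Values that callers pre-escaped to suit the removed `$validate` path will now be encoded twice, so those call sites are worth auditing.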
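Review bot: `quote()` still encodes with `ENT_COMPAT`, which leaves single quotes untouched, so its result is only safe in element content and inside double-quoted attributes. Because this is a public static helper that any caller can use, `return htmlspecialchars($str, ENT_QUOTES, RCMAIL_CHARSET);` would make it safe for either attribute delimiter. The docblock should also state that the input must be raw, unescaped text: with the `$validate` branch gone, entities already present in `$str` are encoded a second time. The summary line would read better as `Replaces special characters in a string for use as HTML content or an attribute value`.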
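Review bot: Escaping of the textarea value here, and of the option text in the `html_select` hunk that follows, is skipped whenever `$this->attrib['is_escaped']` is non-empty, and nothing visible in either hunk documents who is allowed to set that flag. Both enclosing methods extend beyond the hunks, so this is inferred, but if the attribute array can be populated from template tags or request data the flag becomes an opt-out from output encoding. I would add a comment at both sites, e.g. `// is_escaped must only be set by calling code that has already HTML-encoded the value`, and consider dropping `is_escaped` from attribute arrays that originate outside trusted code.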