diff options
| author | Thomas Bruederli <thomas@roundcube.net> | 2012-09-23 22:44:13 +0200 |
|---|---|---|
| committer | Thomas Bruederli <thomas@roundcube.net> | 2012-09-23 22:44:13 +0200 |
| commit | 0c144b98a417d50b9c073ae3931fdad47390f1f7 (patch) | |
| tree | e1a94ada7e5e06fc7c21de13dbb3f86f88634ec7 /program/include/html.php | |
| parent | 8f098e8dead85b6512ac72b2d805314baec72a2f (diff) | |
| parent | e695162ef76054050e4181e4d28f28cf1981386b (diff) | |
Merge branch 'master' of github.com:roundcube/roundcubemail
Diffstat (limited to 'program/include/html.php')
| -rw-r--r-- | program/include/html.php | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/program/include/html.php b/program/include/html.php index c6507f813..948794283 100644 --- a/program/include/html.php +++ b/program/include/html.php @@ -295,7 +295,7 @@ class html } } else { - $attrib_arr[] = $key . '="' . self::quote($value, true) . '"'; + $attrib_arr[] = $key . '="' . self::quote($value) . '"'; } } @@ -328,22 +328,13 @@ class html /** * Replacing specials characters in html attribute value * - * @param string $str Input string - * @param bool $validate Enables double quotation prevention + * @param string $str Input string * - * @return string The quoted string + * @return string The quoted string */ - public static function quote($str, $validate = false) + public static function quote($str) { - $str = htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET); - - // avoid douple quotation of & - // @TODO: get rid of it - if ($validate) { - $str = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str); - } - - return $str; + return htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET); } } @@ -559,7 +550,7 @@ class html_textarea extends html } if (!empty($value) && empty($this->attrib['is_escaped'])) { - $value = self::quote($value, true); + $value = self::quote($value); } return self::tag($this->tagname, $this->attrib, $value, @@ -635,7 +626,7 @@ class html_select extends html $option_content = $option['text']; if (empty($this->attrib['is_escaped'])) { - $option_content = self::quote($option_content, true); + $option_content = self::quote($option_content); } $this->content .= self::tag('option', $attr, $option_content); |