summaryrefslogtreecommitdiff
path: root/program/include/rcube_output_html.php
diff options
context:
space:
mode:
authorThomas Bruederli <thomas@roundcube.net>2012-07-24 12:19:18 +0200
committerThomas Bruederli <thomas@roundcube.net>2012-07-24 12:19:18 +0200
commitfa8f6e610ce50d9373832f1a5a846a9183f8d81d (patch)
treef3a44018a13e827ffbf5a5cc3395367fbe55e547 /program/include/rcube_output_html.php
parente19fafae04c6733a3c8ccddf9a6565ef2b40dce5 (diff)
Correctly quote localized labels when used in javascript variables (#1488567)
Diffstat (limited to 'program/include/rcube_output_html.php')
-rw-r--r--program/include/rcube_output_html.php10
1 files changed, 9 insertions, 1 deletions
diff --git a/program/include/rcube_output_html.php b/program/include/rcube_output_html.php
index 7ceea1839..30201fd04 100644
--- a/program/include/rcube_output_html.php
+++ b/program/include/rcube_output_html.php
@@ -699,7 +699,15 @@ class rcube_output_html extends rcube_output
$vars = $attrib + array('product' => $this->config->get('product_name'));
unset($vars['name'], $vars['command']);
$label = $this->app->gettext($attrib + array('vars' => $vars));
- return !$attrib['noshow'] ? (get_boolean((string)$attrib['html']) ? $label : html::quote($label)) : '';
+ $quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (get_boolean((string)$attrib['html']) ? 'no' : '');
+ switch ($quoting) {
+ case 'no':
+ case 'raw': break;
+ case 'javascript':
+ case 'js': $label = rcmail::JQ($label); break;
+ default: $label = html::quote($label); break;
+ }
+ return !$attrib['noshow'] ? $label : '';
}
break;