diff options
author | Thomas Bruederli <thomas@roundcube.net> | 2012-07-24 12:25:28 +0200 |
---|---|---|
committer | Thomas Bruederli <thomas@roundcube.net> | 2012-07-24 12:25:28 +0200 |
commit | 2d2af72c22e7b3aca2f90f10bcda1c73767d9656 (patch) | |
tree | f5e729cef8c23a923f5571143ae1d878577e933d /program/include | |
parent | 9d129b5fe2f35ecb497703d818a68d431b5782c6 (diff) |
Correctly quote localized labels when used in javascript variables (#1488567)
Diffstat (limited to 'program/include')
-rw-r--r-- | program/include/rcube_template.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php index e779f5a34..19510ce5b 100644 --- a/program/include/rcube_template.php +++ b/program/include/rcube_template.php @@ -711,7 +711,15 @@ class rcube_template extends rcube_html_page $vars = $attrib + array('product' => $this->config['product_name']); unset($vars['name'], $vars['command']); $label = rcube_label($attrib + array('vars' => $vars)); - return !$attrib['noshow'] ? (get_boolean((string)$attrib['html']) ? $label : Q($label)) : ''; + $quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (get_boolean((string)$attrib['html']) ? 'no' : ''); + switch ($quoting) { + case 'no': + case 'raw': break; + case 'javascript': + case 'js': $label = JQ($label); break; + default: $label = Q($label); break; + } + return !$attrib['noshow'] ? $label : ''; } break; |