diff options
| author | Aleksander Machniak <alec@alec.pl> | 2013-04-06 19:28:47 +0200 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2013-04-06 19:28:47 +0200 |
| commit | 4fdaa02ac724e597479a4a48388a8a10101000fd (patch) | |
| tree | ac6e7b739dddfafd41dde12c06ccbd6d82c29699 /program/lib/Roundcube/html.php | |
| parent | 50cc5b370f1fab3ecf4ff516f60087129e8a57d1 (diff) | |
Fix handling of invalid characters in message headers and output (#1489032)
Diffstat (limited to 'program/lib/Roundcube/html.php')
| -rw-r--r-- | program/lib/Roundcube/html.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/program/lib/Roundcube/html.php b/program/lib/Roundcube/html.php index 592720308..7b30e60cb 100644 --- a/program/lib/Roundcube/html.php +++ b/program/lib/Roundcube/html.php @@ -35,6 +35,7 @@ class html public static $common_attrib = array('id','class','style','title','align'); public static $containers = array('iframe','div','span','p','h1','h2','h3','form','textarea','table','thead','tbody','tr','th','td','style','script'); + /** * Constructor * @@ -332,7 +333,16 @@ class html */ public static function quote($str) { - return @htmlspecialchars($str, ENT_COMPAT, RCUBE_CHARSET); + static $flags; + + if (!$flags) { + $flags = ENT_COMPAT; + if (defined('ENT_SUBSTITUTE')) { + $flags |= ENT_SUBSTITUTE; + } + } + + return @htmlspecialchars($str, $flags, RCUBE_CHARSET); } } |