diff options
author | Thomas Bruederli <thomas@roundcube.net> | 2012-11-19 11:43:22 +0100 |
---|---|---|
committer | Thomas Bruederli <thomas@roundcube.net> | 2012-11-19 11:43:22 +0100 |
commit | 810efee4d36da6edbc721c82c3a97966005101de (patch) | |
tree | a95c3806be7c62563690f358042b9e7db6ba3657 /program/steps/settings | |
parent | 37557b5f086d64348a42dccaf922e541b87c2d13 (diff) |
Avoid double-encoding of HTML entities in signature edit field
Diffstat (limited to 'program/steps/settings')
-rw-r--r-- | program/steps/settings/edit_identity.inc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc index aa1aeea5d..f82169017 100644 --- a/program/steps/settings/edit_identity.inc +++ b/program/steps/settings/edit_identity.inc @@ -87,9 +87,10 @@ function rcube_identity_form($attrib) if ($IDENTITY_RECORD['html_signature']) { $form['signature']['content']['signature']['class'] = 'mce_editor'; $form['signature']['content']['signature']['is_escaped'] = true; - } - $IDENTITY_RECORD['signature'] = htmlentities($IDENTITY_RECORD['signature'], ENT_NOQUOTES, RCMAIL_CHARSET); + // Correctly handle HTML entities in HTML editor (#1488483) + $IDENTITY_RECORD['signature'] = htmlspecialchars($IDENTITY_RECORD['signature'], ENT_NOQUOTES, RCMAIL_CHARSET); + } // disable some field according to access level if (IDENTITIES_LEVEL == 1 || IDENTITIES_LEVEL == 3) { |