summaryrefslogtreecommitdiff
path: root/program/steps
diff options
context:
space:
mode:
authorThomas Bruederli <thomas@roundcube.net>2012-11-19 11:43:22 +0100
committerThomas Bruederli <thomas@roundcube.net>2012-11-19 11:43:22 +0100
commit810efee4d36da6edbc721c82c3a97966005101de (patch)
treea95c3806be7c62563690f358042b9e7db6ba3657 /program/steps
parent37557b5f086d64348a42dccaf922e541b87c2d13 (diff)
Avoid double-encoding of HTML entities in signature edit field
Diffstat (limited to 'program/steps')
-rw-r--r--program/steps/settings/edit_identity.inc5
1 files changed, 3 insertions, 2 deletions
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index aa1aeea5d..f82169017 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -87,9 +87,10 @@ function rcube_identity_form($attrib)
if ($IDENTITY_RECORD['html_signature']) {
$form['signature']['content']['signature']['class'] = 'mce_editor';
$form['signature']['content']['signature']['is_escaped'] = true;
- }
- $IDENTITY_RECORD['signature'] = htmlentities($IDENTITY_RECORD['signature'], ENT_NOQUOTES, RCMAIL_CHARSET);
+ // Correctly handle HTML entities in HTML editor (#1488483)
+ $IDENTITY_RECORD['signature'] = htmlspecialchars($IDENTITY_RECORD['signature'], ENT_NOQUOTES, RCMAIL_CHARSET);
+ }
// disable some field according to access level
if (IDENTITIES_LEVEL == 1 || IDENTITIES_LEVEL == 3) {