author | alecpl <alec@alec.pl> | 2011-05-27 13:01:05 +0000 |
---|---|---|
committer | alecpl <alec@alec.pl> | 2011-05-27 13:01:05 +0000 |
commit | 516467080bd822cb94a4a9ef58a168dcdaf7535b (patch) | |
tree | 79dbd8e0463985fba5af3de12130b6aa4ccf97fc /program/steps | |
parent | d7344819834e469c2e5875f756f1ad973b2e06d9 (diff) |
- Fix handling of "<" character in contact data, search fields and folder names, identity name and organization fields (#1487864)
Diffstat (limited to 'program/steps')
-rw-r--r-- | program/steps/addressbook/save.inc | 9 | ||||
-rw-r--r-- | program/steps/addressbook/search.inc | 2 | ||||
-rw-r--r-- | program/steps/mail/search.inc | 7 | ||||
-rw-r--r-- | program/steps/settings/save_identity.inc | 6 |
4 files changed, 12 insertions, 12 deletions
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 253609780..0092eb103 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -95,7 +95,6 @@ if ($RCMAIL->action == 'upload-photo') {
 $OUTPUT->send('iframe');
 }
 
-
 // read POST values into hash array
 $a_record = array();
 foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
@@ -106,7 +105,7 @@ foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
 if ($colprop['childs']) {
 $values = array();
 foreach ($colprop['childs'] as $childcol => $cp) {
- $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST);
+ $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST, true);
 foreach ((array)$vals as $i => $val)
 $values[$i][$childcol] = $val;
 }
@@ -117,7 +116,7 @@ foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
 }
 // assign values and subtypes
 else if (is_array($_POST[$fname])) {
- $values = get_input_value($fname, RCUBE_INPUT_POST);
+ $values = get_input_value($fname, RCUBE_INPUT_POST, true);
 $subtypes = get_input_value('_subtype_' . $col, RCUBE_INPUT_POST);
 foreach ($values as $i => $val) {
 $subtype = $subtypes[$i] ? ':'.$subtypes[$i] : '';
@@ -125,7 +124,7 @@ foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
 }
 }
 else if (isset($_POST[$fname])) {
- $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST);
+ $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST, true);
 }
 }
 
@@ -190,7 +189,7 @@ if (!empty($cid))
 $record['name'] = $record['email'];
 
 foreach (array('name', 'email') as $col)
- $a_js_cols[] = (string)$record[$col];
+ $a_js_cols[] = Q((string)$record[$col]);
 
 // update the changed col in list
 $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid);
diff --git a/program/steps/addressbook/search.inc b/program/steps/addressbook/search.inc
index 7d6775507..8d25a8fbc 100644
--- a/program/steps/addressbook/search.inc
+++ b/program/steps/addressbook/search.inc 
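Review bot: Passing `true` as the third argument of `get_input_value` on the three changed lines inside the `foreach ($GLOBALS['CONTACT_COLTYPES'] ...)` loop turns off tag stripping, so `$a_record` now carries the raw POST value (including `<`) into the address book backend, and the only output escaping this commit adds is `Q()` on the `update_contact_row` arguments in the last hunk. Every other place that renders a stored contact field (detail view, export) lies outside this diff and must also escape on output; that cannot be confirmed from here. The bare `true` is opaque at the call sites; a comment on the first one such as `// do not strip tags: keep '<' verbatim, values are escaped on output` would record the intent. The `foreach` loop begins before the second hunk and continues past the fourth, and `$subtypes` is still read with stripping, which looks intentional.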
@@ -22,7 +22,7 @@ $CONTACTS->set_page(1);
 $_SESSION['page'] = 1;
 
-$search = trim(get_input_value('_q', RCUBE_INPUT_GET));
+$search = trim(get_input_value('_q', RCUBE_INPUT_GET, true));
 $search_request = md5('addr'.$search);
 
 // get contacts for this user
diff --git a/program/steps/mail/search.inc b/program/steps/mail/search.inc
index 39fb32fc9..c038d772f 100644
--- a/program/steps/mail/search.inc
+++ b/program/steps/mail/search.inc
@@ -27,10 +27,11 @@ $_SESSION['page'] = 1;
 $imap_charset = RCMAIL_CHARSET;
 
 // get search string
-$str = get_input_value('_q', RCUBE_INPUT_GET);
-$filter = get_input_value('_filter', RCUBE_INPUT_GET);
-$mbox = get_input_value('_mbox', RCUBE_INPUT_GET);
+$str = get_input_value('_q', RCUBE_INPUT_GET, true);
+$mbox = get_input_value('_mbox', RCUBE_INPUT_GET, true);
+$filter = get_input_value('_filter', RCUBE_INPUT_GET);
 $headers = get_input_value('_headers', RCUBE_INPUT_GET);
+
 $search_request = md5($mbox.$filter.$str);
 
 // add list filter string
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 4fb6a2a9f..b2957a78b 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -22,17 +22,17 @@ define('IDENTITIES_LEVEL', intval($RCMAIL->config->get('identities_level', 0)));
 $a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature', 'html_signature');
-$a_html_cols = array('signature');
+$a_html_cols = array('signature', 'name', 'organization');
 $a_boolean_cols = array('standard', 'html_signature');
 $updated = $default_id = false;
 
 // check input
 if (empty($_POST['_name']) || (empty($_POST['_email']) && IDENTITIES_LEVEL != 1 && IDENTITIES_LEVEL != 3))
- {
+{
 $OUTPUT->show_message('formincomplete', 'warning');
 rcmail_overwrite_action('edit-identity');
 return;
- }
+}

 $save_data = array();
|
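Review bot: `$search` on the changed line now reaches the address book backend without tag stripping, so the backend query is the only place left to neutralise characters that are significant in its own query language (parentheses, `*` and `\` in an LDAP filter, wildcards in a SQL `LIKE`); whether each backend does that cannot be seen in this hunk and should be checked before merging. `trim()` is still applied, which looks right. A short comment on the line, `// raw input (no strip_tags): backend must quote/escape for its query language`, would make that contract explicit for the next reader.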
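Review bot: `$str` and `$mbox` are now read without tag stripping and presumably flow into the IMAP SEARCH command and the mailbox name, so the IMAP layer has to send them as quoted strings or literals (a `"`, a backslash or a bare CR/LF in either value would otherwise corrupt the command); that quoting happens outside this hunk and cannot be verified here. Reordering `$mbox` above `$filter` does not change `$search_request`, but the key is still `md5($mbox.$filter.$str)` with no delimiter, so distinct (mbox, filter, query) triples that concatenate to the same string share one cached search request; a delimiter such as `md5($mbox."\0".$filter."\0".$str)` would close that when the line is next touched. A comment on the `_q` line, `// not tag-stripped; IMAP layer must quote`, would document why these two differ from `_filter` and `_headers`.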
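Review bot: Adding `'name'` and `'organization'` to `$a_html_cols` presumably makes those two fields be read with tag stripping disabled, like `signature`, but unlike the signature they are plain text and — judging by the array's name — receive no HTML washing, so they must be escaped wherever they are displayed and quoted when placed in the `From:` header; the code consuming `$a_html_cols` is below this hunk and cannot be checked here. The array name now misdescribes two of its three entries; a comment above the changed line, `// columns accepted verbatim (no strip_tags); must be escaped on output`, would keep a later reader from treating them as HTML. The `- {`/`+{` and `- }`/`+}` lines are brace-placement only.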