summaryrefslogtreecommitdiff
path: root/program/steps
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2011-05-27 13:01:05 +0000
committeralecpl <alec@alec.pl>2011-05-27 13:01:05 +0000
commit516467080bd822cb94a4a9ef58a168dcdaf7535b (patch)
tree79dbd8e0463985fba5af3de12130b6aa4ccf97fc /program/steps
parentd7344819834e469c2e5875f756f1ad973b2e06d9 (diff)
- Fix handling of "<" character in contact data, search fields and folder names, identity name and organization fields (#1487864)
Diffstat (limited to 'program/steps')
-rw-r--r--program/steps/addressbook/save.inc9
-rw-r--r--program/steps/addressbook/search.inc2
-rw-r--r--program/steps/mail/search.inc7
-rw-r--r--program/steps/settings/save_identity.inc6
4 files changed, 12 insertions, 12 deletions
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 253609780..0092eb103 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -95,7 +95,6 @@ if ($RCMAIL->action == 'upload-photo') {
$OUTPUT->send('iframe');
}
-
// read POST values into hash array
$a_record = array();
foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
@@ -106,7 +105,7 @@ foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
if ($colprop['childs']) {
$values = array();
foreach ($colprop['childs'] as $childcol => $cp) {
- $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST);
+ $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST, true);
foreach ((array)$vals as $i => $val)
$values[$i][$childcol] = $val;
}
@@ -117,7 +116,7 @@ foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
}
// assign values and subtypes
else if (is_array($_POST[$fname])) {
- $values = get_input_value($fname, RCUBE_INPUT_POST);
+ $values = get_input_value($fname, RCUBE_INPUT_POST, true);
$subtypes = get_input_value('_subtype_' . $col, RCUBE_INPUT_POST);
foreach ($values as $i => $val) {
$subtype = $subtypes[$i] ? ':'.$subtypes[$i] : '';
@@ -125,7 +124,7 @@ foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
}
}
else if (isset($_POST[$fname])) {
- $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST);
+ $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST, true);
}
}
@@ -190,7 +189,7 @@ if (!empty($cid))
$record['name'] = $record['email'];
foreach (array('name', 'email') as $col)
- $a_js_cols[] = (string)$record[$col];
+ $a_js_cols[] = Q((string)$record[$col]);
// update the changed col in list
$OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid);
diff --git a/program/steps/addressbook/search.inc b/program/steps/addressbook/search.inc
index 7d6775507..8d25a8fbc 100644
--- a/program/steps/addressbook/search.inc
+++ b/program/steps/addressbook/search.inc
@@ -22,7 +22,7 @@
$CONTACTS->set_page(1);
$_SESSION['page'] = 1;
-$search = trim(get_input_value('_q', RCUBE_INPUT_GET));
+$search = trim(get_input_value('_q', RCUBE_INPUT_GET, true));
$search_request = md5('addr'.$search);
// get contacts for this user
diff --git a/program/steps/mail/search.inc b/program/steps/mail/search.inc
index 39fb32fc9..c038d772f 100644
--- a/program/steps/mail/search.inc
+++ b/program/steps/mail/search.inc
@@ -27,10 +27,11 @@ $_SESSION['page'] = 1;
$imap_charset = RCMAIL_CHARSET;
// get search string
-$str = get_input_value('_q', RCUBE_INPUT_GET);
-$filter = get_input_value('_filter', RCUBE_INPUT_GET);
-$mbox = get_input_value('_mbox', RCUBE_INPUT_GET);
+$str = get_input_value('_q', RCUBE_INPUT_GET, true);
+$mbox = get_input_value('_mbox', RCUBE_INPUT_GET, true);
+$filter = get_input_value('_filter', RCUBE_INPUT_GET);
$headers = get_input_value('_headers', RCUBE_INPUT_GET);
+
$search_request = md5($mbox.$filter.$str);
// add list filter string
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 4fb6a2a9f..b2957a78b 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -22,17 +22,17 @@
define('IDENTITIES_LEVEL', intval($RCMAIL->config->get('identities_level', 0)));
$a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature', 'html_signature');
-$a_html_cols = array('signature');
+$a_html_cols = array('signature', 'name', 'organization');
$a_boolean_cols = array('standard', 'html_signature');
$updated = $default_id = false;
// check input
if (empty($_POST['_name']) || (empty($_POST['_email']) && IDENTITIES_LEVEL != 1 && IDENTITIES_LEVEL != 3))
- {
+{
$OUTPUT->show_message('formincomplete', 'warning');
rcmail_overwrite_action('edit-identity');
return;
- }
+}
$save_data = array();