summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--program/include/main.inc25
1 files changed, 23 insertions, 2 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index f81e95bf8..207614885 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -596,7 +596,6 @@ function JQ($str)
*/
function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
{
- global $OUTPUT;
$value = NULL;
if ($source==RCUBE_INPUT_GET && isset($_GET[$fname]))
@@ -613,9 +612,31 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
$value = $_COOKIE[$fname];
}
+ return parse_input_value($value, $allow_html, $charset);
+}
+
+/**
+ * Parse/validate input value. See get_input_value()
+ * Performs stripslashes() and charset conversion if necessary
+ *
+ * @param string Input value
+ * @param boolean Allow HTML tags in field value
+ * @param string Charset to convert into
+ * @return string Parsed value
+ */
+function parse_input_value($value, $allow_html=FALSE, $charset=NULL)
+{
+ global $OUTPUT;
+
if (empty($value))
return $value;
+ if (is_array($value)) {
+ foreach ($value as $idx => $val)
+ $value[$idx] = parse_input_value($val, $allow_html, $charset);
+ return $value;
+ }
+
// strip single quotes if magic_quotes_sybase is enabled
if (ini_get('magic_quotes_sybase'))
$value = str_replace("''", "'", $value);
@@ -628,7 +649,7 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
$value = strip_tags($value);
// convert to internal charset
- if (is_object($OUTPUT))
+ if (is_object($OUTPUT) && $charset)
return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset);
else
return $value;