summaryrefslogtreecommitdiff
path: root/program/include/rcmail.php
diff options
context:
space:
mode:
Diffstat (limited to 'program/include/rcmail.php')
-rw-r--r--program/include/rcmail.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index e684a15bb..ee98a3678 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1329,11 +1329,12 @@ class rcmail extends rcube
$attrib = $hook['attribs'];
if ($type == 'select') {
+ $attrib['is_escaped'] = true;
$select = new html_select($attrib);
// add no-selection option
if ($attrib['noselection']) {
- $select->add($rcmail->gettext($attrib['noselection']), '');
+ $select->add(html::quote($rcmail->gettext($attrib['noselection'])), '');
}
$rcmail->render_folder_tree_select($a_mailboxes, $mbox_name, $attrib['maxlength'], $select, $attrib['realnames']);
@@ -1362,7 +1363,7 @@ class rcmail extends rcube
*/
public function folder_selector($p = array())
{
- $p += array('maxlength' => 100, 'realnames' => false);
+ $p += array('maxlength' => 100, 'realnames' => false, 'is_escaped' => true);
$a_mailboxes = array();
$storage = $this->get_storage();
@@ -1388,7 +1389,7 @@ class rcmail extends rcube
$select = new html_select($p);
if ($p['noselection']) {
- $select->add($p['noselection'], '');
+ $select->add(html::quote($p['noselection']), '');
}
$this->render_folder_tree_select($a_mailboxes, $mbox, $p['maxlength'], $select, $p['realnames'], 0, $p);
@@ -1579,7 +1580,7 @@ class rcmail extends rcube
}
}
- $select->add(str_repeat(' ', $nestLevel*4) . $foldername, $folder['id']);
+ $select->add(str_repeat(' ', $nestLevel*4) . html::quote($foldername), $folder['id']);
if (!empty($folder['folders'])) {
$out .= $this->render_folder_tree_select($folder['folders'], $mbox_name, $maxlength,