From 2c89ca7298ea693facc0f72c32c71f2bdcaff329 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <bruederli@kolabsys.com>
Date: Wed, 8 Aug 2012 21:29:40 +0200
Subject: Backporting: Fix HTML entities handling in HTML editor (#1488483)

---
 program/steps/mail/compose.inc           | 10 +++++-----
 program/steps/settings/edit_identity.inc |  2 ++
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index d09b92013..a13507f53 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -715,7 +715,7 @@ function rcmail_compose_body($attrib)
   if ($isHtml) {
     $attrib['class'] = 'mce_editor';
     $textarea = new html_textarea($attrib);
-    $out .= $textarea->show($MESSAGE_BODY);
+    $out .= $textarea->show(htmlentities($MESSAGE_BODY, ENT_NOQUOTES, RCMAIL_CHARSET));
   }
   else {
     $textarea = new html_textarea($attrib);
@@ -900,18 +900,18 @@ function rcmail_create_forward_body($body, $bodyIsHtml)
         "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
       rcube_label('subject'), Q($MESSAGE->subject),
       rcube_label('date'), Q($date),
-      rcube_label('from'), htmlspecialchars(Q($MESSAGE->get_header('from'), 'replace'), ENT_COMPAT, $charset),
-      rcube_label('to'), htmlspecialchars(Q($MESSAGE->get_header('to'), 'replace'), ENT_COMPAT, $charset));
+      rcube_label('from'), Q($MESSAGE->get_header('from'), 'replace'),
+      rcube_label('to'), Q($MESSAGE->get_header('to'), 'replace'));
 
     if ($MESSAGE->headers->cc)
       $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
         rcube_label('cc'),
-        htmlspecialchars(Q($MESSAGE->get_header('cc'), 'replace'), ENT_COMPAT, $charset));
+        Q($MESSAGE->get_header('cc'), 'replace'));
 
     if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from)
       $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
         rcube_label('replyto'),
-        htmlspecialchars(Q($MESSAGE->get_header('replyto'), 'replace'), ENT_COMPAT, $charset));
+        Q($MESSAGE->get_header('replyto'), 'replace'));
 
     $prefix .= "</tbody></table><br>";
   }
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index a42e8d091..0b715350e 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -88,6 +88,8 @@ function rcube_identity_form($attrib)
     $form['signature']['content']['signature']['class'] = 'mce_editor';
   }
 
+  $IDENTITY_RECORD['signature'] = htmlentities($IDENTITY_RECORD['signature'], ENT_NOQUOTES, RCMAIL_CHARSET);
+
   // disable some field according to access level
   if (IDENTITIES_LEVEL == 1 || IDENTITIES_LEVEL == 3) {
     $form['addressing']['content']['email']['disabled'] = true;
-- 
cgit v1.2.3