From d6b592941da7017c86ecb8fb81f9ffc515995b4f Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Wed, 26 Jun 2013 18:26:39 +0200 Subject: Fix handling of &, <, > characters in scripts/filter names (#1489208) --- plugins/managesieve/Changelog | 1 + plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php | 4 ++-- plugins/managesieve/managesieve.js | 8 ++++---- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog index 2b28f61d5..daee91a70 100644 --- a/plugins/managesieve/Changelog +++ b/plugins/managesieve/Changelog @@ -3,6 +3,7 @@ - Support string list arguments in filter form (#1489018) - Support date, currendate and index tests - RFC5260 (#1488120) - Split plugin file into two files +- Fix handling of &, <, > characters in scripts/filter names (#1489208) * version 6.2 [2013-02-17] ----------------------------------------------------------- diff --git a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php index ac942d292..f29c9fb40 100644 --- a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php +++ b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php @@ -1014,7 +1014,7 @@ class rcube_sieve_engine foreach ($list as $idx => $set) { $scripts['S'.$idx] = $set; $result[] = array( - 'name' => rcube::Q($set), + 'name' => $set, 'id' => 'S'.$idx, 'class' => !in_array($set, $this->active) ? 'disabled' : '', ); @@ -2111,7 +2111,7 @@ class rcube_sieve_engine $fname = $filter['name'] ? $filter['name'] : "#$i"; $result[] = array( 'id' => $idx, - 'name' => rcube::Q($fname), + 'name' => $fname, 'class' => $filter['disabled'] ? 'disabled' : '', ); $i++; diff --git a/plugins/managesieve/managesieve.js b/plugins/managesieve/managesieve.js index f6bf4b47c..5a75ef1fd 100644 --- a/plugins/managesieve/managesieve.js +++ b/plugins/managesieve/managesieve.js @@ -263,7 +263,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) var i, row = $('#rcmrow'+this.managesieve_rowid(o.id)); if (o.name) - $('td', row).html(o.name); + $('td', row).text(o.name); if (o.disabled) row.addClass('disabled'); else @@ -278,7 +278,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) var list = this.filters_list, row = $(''); - $('td', row).html(o.name); + $('td', row).text(o.name); row.attr('id', 'rcmrow'+o.id); if (o.disabled) row.addClass('disabled'); @@ -302,7 +302,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) tr = document.createElement('TR'); td = document.createElement('TD'); - td.innerHTML = el.name; + $(td).text(el.name); td.className = 'name'; tr.id = 'rcmrow' + el.id; if (el['class']) @@ -351,7 +351,7 @@ rcube_webmail.prototype.managesieve_updatelist = function(action, o) list = this.filtersets_list, row = $(''); - $('td', row).html(o.name); + $('td', row).text(o.name); row.attr('id', 'rcmrow'+id); this.env.filtersets[id] = o.name; -- cgit v1.2.3