From c5799618997716288169b6fbcd1251f76788cd49 Mon Sep 17 00:00:00 2001
From: thomascube
Date: Sun, 25 Nov 2007 17:34:19 +0000
Subject: Fixed some potential security risks + updatedd changelog
---
 program/include/rcube_html.inc | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
(limited to 'program/include/rcube_html.inc')
diff --git a/program/include/rcube_html.inc b/program/include/rcube_html.inc
index a31594a56..18983a15a 100644
--- a/program/include/rcube_html.inc
+++ b/program/include/rcube_html.inc
@@ -292,10 +292,6 @@ class rcube_form_element
 if ((strpos($key,'on')===0 && $value=='')) continue;
- // encode textarea content
- if ($key=='value')
- $value = Q($value, 'strict', FALSE);
-
 // attributes with no value
 if (in_array($key, array('checked', 'multiple', 'disabled', 'selected', 'nowrap')))
 {
@@ -304,11 +300,11 @@ class rcube_form_element
 }
 // don't convert size of value attribute
 else if ($key=='value')
- $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), $value);
+ $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), Q($value, 'strict', false));
 // regular tag attributes
 else
- $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), $this->_conv_case($value, 'value'));
+ $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), $this->_conv_case(Q($value), 'value'));
 }
 return sizeof($attrib_arr) ? ' '.implode(' ', $attrib_arr) : '';
--
cgit v1.2.3
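Review bot: In the second hunk's last `+` line the encoding runs before the case conversion — `$this->_conv_case(Q($value), 'value')` — so if `_conv_case()` changes letter case for 'value' output, the entities `Q()` just produced are rewritten as well (`&quot;` would become `&QUOT;`, which is not a recognised entity) and the escaping silently breaks for exactly the characters it is meant to neutralise; converting first and encoding last, `Q($this->_conv_case($value, 'value'))`, keeps the entities intact. The `value` branch calls `Q($value, 'strict', false)` while the generic branch calls `Q($value)` with its default mode, and neither hunk shows `Q()`, so confirm that both modes encode the double quote the attribute is wrapped in and record that on the line, e.g. `// Q() must encode '"' here: attribute values are emitted inside double quotes`. The attribute name `$key` is still interpolated unescaped through `_conv_case($key, 'attrib')`, which is only safe while keys originate in PHP code rather than request data; a comment stating that assumption would keep a later caller from breaking it. Callers that already pass an entity-encoded attribute value (an `href` containing `&amp;`, for instance) will now be encoded twice, which is worth documenting on the method. The enclosing method starts and ends outside both hunks.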