From c1cd53fd80f2027efdbffa1b93750d4baabc2931 Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Thu, 21 Aug 2008 12:38:10 +0000
Subject: escape html entities in forward/reply headers #1484904

---
 program/steps/mail/compose.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'program/steps')

diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 228181624..8a9a383d5 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -496,7 +496,7 @@ function rcmail_create_reply_body($body, $bodyIsHtml)
   {
     $prefix = sprintf("<br /><br />On %s, %s wrote:<br />\n",
       $MESSAGE->headers->date,
-      Q($MESSAGE->get_header('from')));
+      Q($MESSAGE->get_header('from'), 'replace'));
     $prefix .= '<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px; width:100%">';
     $suffix = "</blockquote>";
   }
@@ -513,7 +513,7 @@ function rcmail_create_forward_body($body, $bodyIsHtml)
   {
     // soft-wrap message first
     $body = wordwrap($body, 80);
-  
+
     $prefix = sprintf("\n\n\n-------- Original Message --------\nSubject: %s\nDate: %s\nFrom: %s\nTo: %s\n\n",
       $MESSAGE->subject,
       $MESSAGE->headers->date,
@@ -532,8 +532,8 @@ function rcmail_create_forward_body($body, $bodyIsHtml)
         "</tbody></table><br>",
       Q($MESSAGE->subject),
       Q($MESSAGE->headers->date),
-      Q($MESSAGE->get_header('from')),
-      Q($MESSAGE->get_header('to')));
+      Q($MESSAGE->get_header('from'), 'replace'),
+      Q($MESSAGE->get_header('to'), 'replace'));
   }
 
   // add attachments
-- 
cgit v1.2.3