From 55150f858fc5b46eefed76687352283d4ef1503c Mon Sep 17 00:00:00 2001
From: alecpl
Date: Fri, 27 May 2011 13:20:46 +0000
Subject: - Fix handling of "<" character in group name
---
 program/steps/addressbook/groups.inc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'program')
diff --git a/program/steps/addressbook/groups.inc b/program/steps/addressbook/groups.inc
index 4c70bf114..2517873ce 100644
--- a/program/steps/addressbook/groups.inc
+++ b/program/steps/addressbook/groups.inc
@@ -68,7 +68,7 @@ else if ($RCMAIL->action == 'group-delmembers') {
 }
 else if ($RCMAIL->action == 'group-create') {
- if ($name = trim(get_input_value('_name', RCUBE_INPUT_POST))) {
+ if ($name = trim(get_input_value('_name', RCUBE_INPUT_POST, true))) {
 $plugin = $RCMAIL->plugins->exec_hook('group_create', array('name' => $name, 'source' => $source));
 if (!$plugin['abort'])
@@ -78,6 +78,7 @@ else if ($RCMAIL->action == 'group-create') {
 }
 if ($created && $OUTPUT->ajax_call) {
+ $created['name'] = Q($created['name']);
 $OUTPUT->show_message('groupcreated', 'confirmation');
 $OUTPUT->command('insert_contact_group', array('source' => $source) + $created);
 }
@@ -87,7 +88,7 @@ else if ($RCMAIL->action == 'group-create') {
 }
 else if ($RCMAIL->action == 'group-rename') {
- if (($gid = get_input_value('_gid', RCUBE_INPUT_POST)) && ($name = trim(get_input_value('_name', RCUBE_INPUT_POST)))) {
+ if (($gid = get_input_value('_gid', RCUBE_INPUT_POST)) && ($name = trim(get_input_value('_name', RCUBE_INPUT_POST, true)))) {
 $plugin = $RCMAIL->plugins->exec_hook('group_rename', array('group_id' => $gid, 'name' => $name, 'source' => $source));
 if (!$plugin['abort'])
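Review bot: In the `group-create` branch of the hunk at `@@ -68,7 +68,7`, and again in the `group-rename` branch at `@@ -87,7 +88,7`, the added `true` argument lets `$name` keep characters such as `<`, and that unfiltered value is passed straight into the `group_create` / `group_rename` plugin hooks. The `Q()` calls added by this commit cover only the two AJAX responses, so every other place that prints a stored group name, and any plugin consuming these hooks, now has to encode the value itself; whether they do is not visible here. I would document that at the read, e.g. `// $name is raw user input (may contain "<"); escape it at every output`, and check the non-AJAX rendering of the group list before merging. Both branches continue past the end of their hunks, so the call that stores the name is outside this view.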
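Review bot: `$created['name'] = Q($created['name']);` in the hunk at `@@ -78,6 +78,7` replaces the only copy of the name with its HTML-encoded form before it is merged into the `insert_contact_group` command, and `'name' => Q($newname)` at `@@ -99,7 +100,7` does the same for `update_contact_group`. That is correct only if the client script inserts `name` as markup; if it ever treats the value as text (an edit field, a comparison with the stored name) the user will see or re-submit `&lt;` instead of `<`. The line also assumes `$created` is an array with a `name` key, while the condition only tests it for truthiness. I would state the contract in a comment, `// name is HTML-encoded because the client inserts it as markup`, or guard with `if (isset($created['name']))`; the definition of `$created` is outside the hunk.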
@@ -99,7 +100,7 @@ else if ($RCMAIL->action == 'group-rename') {
 if ($newname && $OUTPUT->ajax_call) {
 $OUTPUT->show_message('grouprenamed', 'confirmation');
 $OUTPUT->command('update_contact_group', array(
- 'source' => $source, 'id' => $gid, 'name' => $newname, 'newid' => $newgid));
+ 'source' => $source, 'id' => $gid, 'name' => Q($newname), 'newid' => $newgid));
 }
 else if (!$newname)
 $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsaving', 'error');
-- cgit v1.2.3