bug 932: added escaping with htmlspecialchars function and encoding UTF-8 for subject
authorINOPIAE <inopiae@cacert.org>
Sun, 9 Aug 2015 15:51:07 +0000 (17:51 +0200)
committerBenny Baumann <BenBE@geshi.org>
Sun, 9 Aug 2015 20:41:09 +0000 (22:41 +0200)
manager/application/views/scripts/mail/full.phtml
manager/application/views/scripts/mail/index.phtml

index 1bfed87..01d8ff2 100644 (file)
@@ -23,14 +23,14 @@ else {
     </tr>
 <?php
     foreach ($this->headers as $header) {
-        print "        <tr>\n";
-        print "            <td><a href=\"" . $header->detailslink . "\">" . $header->fromaddress . "</a></td>";
-        print "            <td>" . $header->toaddress . "</td>";
-        print "            <td>" . $header->subject . "</td>";
-        print "            <td>" . $header->date . "</td>";
-        print "            <td>" . $header->Size . "</td>";
-        print "            <td><a class=\"delete\" href=\"" . $header->deletelink . "\"><img src=\"/img/delete_icon.jpg\"></a></td>";
-        print "        </tr>\n";
+        print "    <tr>\n";
+        print "        <td><a href=\"" . $header->detailslink . "\">" . $header->fromaddress . "</a></td>";
+        print "        <td>" . $header->toaddress . "</td>";
+        print "        <td>" . htmlspecialchars(quoted_printable_decode($header->subject), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
+        print "        <td>" . $header->date . "</td>";
+        print "        <td>" . $header->Size . "</td>";
+        print "        <td><a class=\"delete\" href=\"" . $header->deletelink . "\"><img src=\"/img/delete_icon.jpg\"></a></td>";
+        print "    </tr>\n";
     }
 }
 ?>
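Review bot: Only the subject cell is escaped; `$header->fromaddress` and `$header->toaddress` on the neighbouring added lines come from the same mail headers and are still concatenated into the markup raw, so a crafted From or To value would be interpreted as HTML in this table row. Unless these properties are already escaped where `$this->headers` is built (not visible in this hunk), wrap them the same way, e.g. `print "        <td>" . htmlspecialchars($header->toaddress, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";`, and likewise for `date` and `Size`. The identical hunk in the second file section has the same gap. The enclosing `else {` block starts outside the hunk.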
index 427d0e9..3eecfdc 100644 (file)
@@ -23,14 +23,14 @@ else {
     </tr>
 <?php
     foreach ($this->headers as $header) {
-        print "        <tr>\n";
-        print "            <td><a href=\"" . $header->detailslink . "\">" . $header->fromaddress . "</a></td>";
-        print "            <td>" . $header->toaddress . "</td>";
-        print "            <td>" . $header->subject . "</td>";
-        print "            <td>" . $header->date . "</td>";
-        print "            <td>" . $header->Size . "</td>";
-        print "            <td><a class=\"delete\" href=\"" . $header->deletelink . "\"><img src=\"/img/delete_icon.jpg\"></a></td>";
-        print "        </tr>\n";
+        print "    <tr>\n";
+        print "        <td><a href=\"" . $header->detailslink . "\">" . $header->fromaddress . "</a></td>";
+        print "        <td>" . $header->toaddress . "</td>";
+        print "        <td>" . htmlspecialchars(quoted_printable_decode($header->subject), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
+        print "        <td>" . $header->date . "</td>";
+        print "        <td>" . $header->Size . "</td>";
+        print "        <td><a class=\"delete\" href=\"" . $header->deletelink . "\"><img src=\"/img/delete_icon.jpg\"></a></td>";
+        print "    </tr>\n";
     }
 }
 ?>
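Review bot: `quoted_printable_decode()` on the subject line handles `=XX` body escapes but not RFC 2047 encoded-words. If `$header->subject` is the raw header value (not visible here), a `=?UTF-8?B?...?=` subject, or a Q-encoded one using `_` for spaces, would be shown undecoded, and bytes in a non-UTF-8 charset would only be replaced by ENT_SUBSTITUTE. A header decoder fits better: `htmlspecialchars(iconv_mime_decode($header->subject, ICONV_MIME_DECODE_CONTINUE_ON_ERROR, 'UTF-8'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Decoding before escaping, as the line does now, is the right order and should stay. The same applies to the first file section.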