authorthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2007-11-25 17:34:19 +0000
committerthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2007-11-25 17:34:19 +0000
commit916676eafd05379db18614e3c0431fdbd422feb2 (patch)
tree3ff32ced45c2e0c8a57b9c64ebe676f7eda0d9c5 /roundcubemail/program/include/rcube_html.inc
parent2f82db76ece7e62d182850dea58c902b7d0a43f3 (diff)
Fixed some potential security risks + updated changelog
git-svn-id: https://svn.roundcube.net/trunk@930 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/include/rcube_html.inc')
-rw-r--r--roundcubemail/program/include/rcube_html.inc8
1 files changed, 2 insertions, 6 deletions
diff --git a/roundcubemail/program/include/rcube_html.inc b/roundcubemail/program/include/rcube_html.inc
index a31594a56..18983a15a 100644
--- a/roundcubemail/program/include/rcube_html.inc
+++ b/roundcubemail/program/include/rcube_html.inc
@@ -292,10 +292,6 @@ class rcube_form_element
if ((strpos($key,'on')===0 && $value==''))
continue;
- // encode textarea content
- if ($key=='value')
- $value = Q($value, 'strict', FALSE);
-
// attributes with no value
if (in_array($key, array('checked', 'multiple', 'disabled', 'selected', 'nowrap')))
{
@@ -304,11 +300,11 @@ class rcube_form_element
}
// don't convert size of value attribute
else if ($key=='value')
- $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), $value);
+ $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), Q($value, 'strict', false));
// regular tag attributes
else
- $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), $this->_conv_case($value, 'value'));
+ $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), $this->_conv_case(Q($value), 'value'));
}
return sizeof($attrib_arr) ? ' '.implode(' ', $attrib_arr) : '';
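Review bot: In the regular-attribute branch `Q($value)` runs before `_conv_case(..., 'value')`, so any case conversion is applied to the already-encoded string and could alter the entities Q() produced (what `_conv_case` does to values is not visible in this hunk). Escaping should be the last transformation before the value is written into the attribute, e.g. `$attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), Q($this->_conv_case($value, 'value')));`. The `on*` check at the top of the loop only skips empty handlers, so non-empty event-handler attributes also reach this branch, where HTML-encoding alone does not make script text safe; a comment such as `// on* handler values must be built from trusted strings only; Q() does not neutralise script` would document that. The attribute name `$key` is still emitted without escaping or validation, which is only safe if keys never come from user input. The loop and the enclosing method begin outside this hunk.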