- Fix handling of "<" character in group name

git-svn-id: https://svn.roundcube.net/trunk@4814 208e9e7b-5314-0410-a742-e7e81cd9613c
author: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-05-27 13:20:46 +0000
committer: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-05-27 13:20:46 +0000
commit: 2f76356eba535c6eda812de4bd54161417a47575 (patch)
tree: 14f36f1f4a12cc67a0a0922c65d0ca5a13bfac68 /roundcubemail/program/steps
parent: 3c31b06abf3b10d0d252c27e61242c4782e2f3d1 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/roundcubemail/program/steps/addressbook/groups.inc b/roundcubemail/program/steps/addressbook/groups.inc
index 4c70bf114..2517873ce 100644
--- a/roundcubemail/program/steps/addressbook/groups.inc
+++ b/roundcubemail/program/steps/addressbook/groups.inc
@@ -68,7 +68,7 @@ else if ($RCMAIL->action == 'group-delmembers') {
 }
 
 else if ($RCMAIL->action == 'group-create') {
-  if ($name = trim(get_input_value('_name', RCUBE_INPUT_POST))) {
+  if ($name = trim(get_input_value('_name', RCUBE_INPUT_POST, true))) {
     $plugin = $RCMAIL->plugins->exec_hook('group_create', array('name' => $name, 'source' => $source));
 
     if (!$plugin['abort'])
@@ -78,6 +78,7 @@ else if ($RCMAIL->action == 'group-create') {
   }
 
   if ($created && $OUTPUT->ajax_call) {
+    $created['name'] = Q($created['name']);
     $OUTPUT->show_message('groupcreated', 'confirmation');
     $OUTPUT->command('insert_contact_group', array('source' => $source) + $created);
   }
@@ -87,7 +88,7 @@ else if ($RCMAIL->action == 'group-create') {
 }
 
 else if ($RCMAIL->action == 'group-rename') {
-  if (($gid = get_input_value('_gid', RCUBE_INPUT_POST)) && ($name = trim(get_input_value('_name', RCUBE_INPUT_POST)))) {
+  if (($gid = get_input_value('_gid', RCUBE_INPUT_POST)) && ($name = trim(get_input_value('_name', RCUBE_INPUT_POST, true)))) {
     $plugin = $RCMAIL->plugins->exec_hook('group_rename', array('group_id' => $gid, 'name' => $name, 'source' => $source));
 
     if (!$plugin['abort'])
@@ -99,7 +100,7 @@ else if ($RCMAIL->action == 'group-rename') {
   if ($newname && $OUTPUT->ajax_call) {
     $OUTPUT->show_message('grouprenamed', 'confirmation');
     $OUTPUT->command('update_contact_group', array(
-      'source' => $source, 'id' => $gid, 'name' => $newname, 'newid' => $newgid));
+      'source' => $source, 'id' => $gid, 'name' => Q($newname), 'newid' => $newgid));
   }
   else if (!$newname)
     $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsaving', 'error');
author	alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-05-27 13:20:46 +0000
committer	alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-05-27 13:20:46 +0000
commit	2f76356eba535c6eda812de4bd54161417a47575 (patch)
tree	14f36f1f4a12cc67a0a0922c65d0ca5a13bfac68 /roundcubemail/program/steps
parent	3c31b06abf3b10d0d252c27e61242c4782e2f3d1 (diff)