From 6f94b0db16b02eebcc8e3582516d2c05bdc19d3b Mon Sep 17 00:00:00 2001
From: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Sun, 23 Nov 2008 12:58:13 +0000
Subject: Only escape single quotes + allow html in translated texts

git-svn-id: https://svn.roundcube.net/trunk@2083 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 translator/func.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'translator/func.php')

diff --git a/translator/func.php b/translator/func.php
index fdaf2bcdf..4dbaf5709 100644
--- a/translator/func.php
+++ b/translator/func.php
@@ -8,7 +8,7 @@ define('ORIGINAL', 'en_US'); // always up-to-date language
 
 // ---- EOF conf ---- //
 
-function get_input_value($fname)
+function get_input_value($fname, $html = false)
 {
 	$value = !empty($_REQUEST[$fname]) ? $_REQUEST[$fname] : "";
 
@@ -17,7 +17,8 @@ function get_input_value($fname)
 		$value = stripslashes($value);
 
 	// remove HTML tags if not allowed
-	$value = strip_tags($value);
+	if (!$html)
+		$value = strip_tags($value);
 
 	return $value;
  }
@@ -118,11 +119,11 @@ function build_localization($lang, $file)
 
 	foreach((array)$orig_values as $t_key => $t_value)
 	{
-		$t_value = get_input_value('t_'.$t_key);
+		$t_value = get_input_value('t_'.$t_key, true);
 		if (empty($t_value) && isset($edit_values[$t_key]))
 			$t_value = $edit_values[$t_key];
 		if (!empty($t_value))
-			$out .= $array . "['$t_key'] = '" . addslashes($t_value) . "';\n";
+			$out .= $array . "['$t_key'] = '" . addcslashes($t_value, "'") . "';\n";
 	}
 	
 	$out .= "\n?>\n";
-- 
cgit v1.2.3