Don't use addslashes() which could produce unexpected results when magic_quotes_sybase is on

release-0.6
thomascube 16 years ago
parent f35a226447
commit c21d6d713e

@ -347,6 +347,8 @@ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE)
} }
$xml_rep_table['"'] = '"'; $xml_rep_table['"'] = '"';
$js_rep_table['"'] = '\\"';
$js_rep_table["'"] = "\\'";
} }
// encode for XML // encode for XML
@ -359,7 +361,7 @@ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE)
if ($charset!='UTF-8') if ($charset!='UTF-8')
$str = rcube_charset_convert($str, RCMAIL_CHARSET,$charset); $str = rcube_charset_convert($str, RCMAIL_CHARSET,$charset);
return preg_replace(array("/\r?\n/", "/\r/", '/<\\//'), array('\n', '\n', '<\\/'), addslashes(strtr($str, $js_rep_table))); return preg_replace(array("/\r?\n/", "/\r/", '/<\\//'), array('\n', '\n', '<\\/'), strtr($str, $js_rep_table));
} }
// no encoding given -> return original string // no encoding given -> return original string
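Review bot: With addslashes() dropped from the JavaScript return line, nothing visible in these hunks escapes a backslash any more, because the two added `$js_rep_table` entries cover only the double and single quote. Unless the table gets a backslash mapping somewhere outside the hunk, a backslash in `$str` that precedes a quote would neutralise the escape added by strtr() and leave the quote able to end the string literal in the generated script. I would add `$js_rep_table["\\"] = "\\\\";` next to the two new entries. addslashes() also escaped NUL bytes, so it is worth confirming whether that case still matters for this output. The body of rep_specialchars_output() starts and ends outside the hunks shown, so the rest of the table could not be checked here.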

@ -90,7 +90,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) {
$filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . '.'.$ctype_secondary; $filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . '.'.$ctype_secondary;
$filename = abbreviate_string($part->filename, 55); $filename = abbreviate_string($part->filename, 55);
$filename = $browser->ie ? rawurlencode($filename) : addslashes($filename); $filename = $browser->ie ? rawurlencode($filename) : addcslashes($filename, '"');
$disposition = !empty($_GET['_download']) ? 'attachment' : 'inline'; $disposition = !empty($_GET['_download']) ? 'attachment' : 'inline';
header("Content-Disposition: $disposition; filename=\"$filename\""); header("Content-Disposition: $disposition; filename=\"$filename\"");
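Review bot: The replacement `addcslashes($filename, '"')` escapes only the double quote, so a backslash in the filename now reaches the quoted `filename="…"` parameter unescaped. In an HTTP quoted-string the backslash is itself the escape character, so a name ending in a backslash would swallow the closing quote; `addcslashes($filename, '"\\')` covers both characters. The filename appears to come from the message part and so from the sender, so it would also be worth stripping CR, LF and other control characters before the header() call rather than relying on header() to reject them. Separately, the unchanged line above passes `$part->filename` rather than `$filename` to abbreviate_string(), which discards the subject-based fallback computed just before it. The enclosing `else if` block starts and ends outside the hunk.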
