|
|
@ -155,6 +155,7 @@ class rcube_utils
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$uri = parse_url($_SERVER['REQUEST_URI']);
|
|
|
|
$uri = parse_url($_SERVER['REQUEST_URI']);
|
|
|
|
$referer = parse_url(self::request_header('Referer'));
|
|
|
|
$referer = parse_url(self::request_header('Referer'));
|
|
|
|
|
|
|
|
|
|
|
|
return $referer['host'] == self::request_header('Host') && $referer['path'] == $uri['path'];
|
|
|
|
return $referer['host'] == self::request_header('Host') && $referer['path'] == $uri['path'];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -163,7 +164,7 @@ class rcube_utils
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param string Input string
|
|
|
|
* @param string Input string
|
|
|
|
* @param string Encoding type: text|html|xml|js|url
|
|
|
|
* @param string Encoding type: text|html|xml|js|url
|
|
|
|
* @param string Replace mode for tags: show|replace|remove
|
|
|
|
* @param string Replace mode for tags: show|remove|strict
|
|
|
|
* @param boolean Convert newlines
|
|
|
|
* @param boolean Convert newlines
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @return string The quoted string
|
|
|
|
* @return string The quoted string
|
|
|
@ -187,8 +188,11 @@ class rcube_utils
|
|
|
|
|
|
|
|
|
|
|
|
$encode_arr = $html_encode_arr;
|
|
|
|
$encode_arr = $html_encode_arr;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($mode == 'remove') {
|
|
|
|
|
|
|
|
$str = strip_tags($str);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else if ($mode != 'strict') {
|
|
|
|
// don't replace quotes and html tags
|
|
|
|
// don't replace quotes and html tags
|
|
|
|
if ($mode == 'show' || $mode == '') {
|
|
|
|
|
|
|
|
$ltpos = strpos($str, '<');
|
|
|
|
$ltpos = strpos($str, '<');
|
|
|
|
if ($ltpos !== false && strpos($str, '>', $ltpos) !== false) {
|
|
|
|
if ($ltpos !== false && strpos($str, '>', $ltpos) !== false) {
|
|
|
|
unset($encode_arr['"']);
|
|
|
|
unset($encode_arr['"']);
|
|
|
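Review bot: The new `else if ($mode != 'strict')` condition makes the tag-preserving path the default for every mode value other than 'remove' and 'strict', so the encoder now fails open on unknown input. On the old side the permissive branch was gated by `if ($mode == 'show' || $mode == '')`, so a caller still passing the former 'replace' value (dropped from the docblock in this commit) or a misspelled mode got the full `$html_encode_arr`. With the new condition, such a caller has `"` and `&` left unescaped whenever the string contains `<…>`, and presumably the tag characters too, since their `unset` lines appear to sit in the gap between this hunk and the next. Keeping an allowlist, e.g. `else if ($mode == 'show' || $mode == '') {`, or mapping 'replace' to 'strict' before the check, keeps unrecognised modes on the fully escaped path. The callers are not visible here, so confirm none still pass 'replace'; the if/else chain itself continues into the following hunk.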
@ -197,9 +201,6 @@ class rcube_utils
|
|
|
|
unset($encode_arr['&']);
|
|
|
|
unset($encode_arr['&']);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if ($mode == 'remove') {
|
|
|
|
|
|
|
|
$str = strip_tags($str);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$out = strtr($str, $encode_arr);
|
|
|
|
$out = strtr($str, $encode_arr);
|
|
|
|
|
|
|
|
|
|
|
@ -232,7 +233,7 @@ class rcube_utils
|
|
|
|
|
|
|
|
|
|
|
|
// encode for plaintext
|
|
|
|
// encode for plaintext
|
|
|
|
if ($enctype == 'text') {
|
|
|
|
if ($enctype == 'text') {
|
|
|
|
return str_replace("\r\n", "\n", $mode=='remove' ? strip_tags($str) : $str);
|
|
|
|
return str_replace("\r\n", "\n", $mode == 'remove' ? strip_tags($str) : $str);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ($enctype == 'url') {
|
|
|
|
if ($enctype == 'url') {
|
|
|
|