Correctly quote localized labels when used in javascript variables (#1488567)

12 years ago · fa8f6e610c
parent e19fafae04
commit fa8f6e610c
3 changed files with 11 additions and 2 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 - Correctly escape localized labels in javascript variable (#1488567)
 - Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#1488571)
 - Don't add attachments content into reply/forward/draft message body (#1488557)
 - Fix 'no connection' errors on page unloads (#1488547)
--- a/program/include/rcube_output_html.php
+++ b/program/include/rcube_output_html.php
@ -699,7 +699,15 @@ class rcube_output_html extends rcube_output
                    $vars = $attrib + array('product' => $this->config->get('product_name'));
                    unset($vars['name'], $vars['command']);
                    $label = $this->app->gettext($attrib + array('vars' => $vars));
-                    return !$attrib['noshow'] ? (get_boolean((string)$attrib['html']) ? $label : html::quote($label)) : '';
+                    $quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (get_boolean((string)$attrib['html']) ? 'no' : '');
                    switch ($quoting) {
                        case 'no':
                        case 'raw': break;
                        case 'javascript':
                        case 'js': $label = rcmail::JQ($label); break;
                        default:   $label = html::quote($label); break;
                    }
                    return !$attrib['noshow'] ? $label : '';
                }
                break;
--- a/skins/larry/includes/footer.html
+++ b/skins/larry/includes/footer.html
@ -3,7 +3,7 @@
 // UI startup
 var UI = new rcube_mail_ui();
 $(document).ready(function(){
-	UI.set('errortitle', '<roundcube:label name="errortitle" />');
+	UI.set('errortitle', '<roundcube:label name="errortitle" quoting="javascript" />');
 	UI.init();
 });