[dev] [cvs] commit: dimp/lib/Views ShowMessage.php
Michael M Slusarz
slusarz at horde.org
Mon Nov 19 23:05:12 UTC 2007
Quoting Jan Schneider <jan at horde.org>:
> Quoting Michael M Slusarz <slusarz at horde.org>:
>
>> slusarz 2007-11-19 16:36:11 EST
>>
>> Modified files:
>> lib/Views ShowMessage.php
>> Log:
>> All of these headers already have been HTML'ified. Escaping them again
>> here just breaks the output.
>
> Not for me. I had an ampersand in one of the headers, iirc the from:
> header, and it was *not* escaped.

That doesn't make any sense. Those 5 headers are all passed through
_buildAddressLinks() right before this code which creates <A> tags in
those header values. So when you call htmlspecialchars() on this
code, all I see is the HTML code for our address links wherever an
e-mail header is supposed to be.
michael
--
___________________________________
Michael Slusarz [slusarz at horde.org]
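
An added illustration, not part of the original message and not code from the Horde repository, of the two symptoms discussed in this thread: link markup shown as literal text when htmlspecialchars() is applied to already-built HTML, and a raw ampersand reaching the page when a link builder does not escape its inputs. The helpers link_unescaped(), link_escaped() and esc() are hypothetical stand-ins; they do not reproduce _buildAddressLinks(), and the header values are constructed.

```php
<?php
// Added illustration. These helpers are hypothetical stand-ins and do not
// reproduce Horde's _buildAddressLinks().

function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Link builder that forgets to escape its inputs: a raw "&" or "<" from the
// header value reaches the page unescaped.
function link_unescaped(string $personal, string $email): string
{
    return '<a href="mailto:' . $email . '">' . $personal . '</a>';
}

// Link builder that escapes each untrusted piece exactly once, while the
// markup is assembled. Its return value is finished HTML.
function link_escaped(string $personal, string $email): string
{
    return '<a href="mailto:' . esc($email) . '">' . esc($personal) . '</a>';
}

// Constructed sample header parts, not taken from the thread.
$personal = 'Smith & Sons <Ltd>';
$email    = 'sales@example.com';

$cases = [
    'builder without escaping'       => link_unescaped($personal, $email),
    'builder escapes its inputs'     => link_escaped($personal, $email),
    'escaped builder, escaped again' => esc(link_escaped($personal, $email)),
];

foreach ($cases as $label => $html) {
    // Print the bytes that would be sent to the browser.
    printf("%-32s %s\n", $label . ':', $html);
}

// Sanity checks on the three outcomes (active when zend.assertions=1).
assert(strpos($cases['builder without escaping'], 'Smith & Sons <Ltd>') !== false);
assert(strpos($cases['builder escapes its inputs'], 'Smith &amp; Sons &lt;Ltd&gt;') !== false);
assert(strpos($cases['escaped builder, escaped again'], '&lt;a href=') === 0);
```

Escaping belongs in the function that assembles the markup, applied to each untrusted value once; a later pass over the finished HTML cannot tell the markup from the data.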