|
@@ -97,7 +97,7 @@ class SquirrelOption {
|
|
|
}
|
|
|
|
|
|
/* Check for a new value. */
|
|
|
- if ( !sqgetGlobalVar("new_$name", $this->new_value, SQ_POST ) ) {
|
|
|
+ if ( !sqgetGlobalVar("new_$name", $this->new_value, SQ_POST ) ) {
|
|
|
$this->new_value = '';
|
|
|
}
|
|
|
|
|
@@ -208,33 +208,36 @@ class SquirrelOption {
|
|
|
$width = 25;
|
|
|
}
|
|
|
|
|
|
- $result = "<input name=\"new_$this->name\" value=\"$this->value\" size=\"$width\" $this->script>";
|
|
|
+ $result = "<input name=\"new_$this->name\" value=\"" .
|
|
|
+ htmlspecialchars($this->value) .
|
|
|
+ "\" size=\"$width\" $this->script />\n";
|
|
|
return ($result);
|
|
|
}
|
|
|
|
|
|
function createWidget_StrList() {
|
|
|
/* Begin the select tag. */
|
|
|
- $result = "<select name=\"new_$this->name\" $this->script>";
|
|
|
+ $result = "<select name=\"new_$this->name\" $this->script>\n";
|
|
|
|
|
|
/* Add each possible value to the select list. */
|
|
|
foreach ($this->possible_values as $real_value => $disp_value) {
|
|
|
/* Start the next new option string. */
|
|
|
- $new_option = "<option value=\"$real_value\"";
|
|
|
+ $new_option = '<option value="' .
|
|
|
+ htmlspecialchars($real_value) . '"';
|
|
|
|
|
|
/* If this value is the current value, select it. */
|
|
|
if ($real_value == $this->value) {
|
|
|
- $new_option .= ' selected=""';
|
|
|
+ $new_option .= ' selected="selected"';
|
|
|
}
|
|
|
|
|
|
/* Add the display value to our option string. */
|
|
|
- $new_option .= ">$disp_value</option>";
|
|
|
+ $new_option .= '>' . htmlspecialchars($disp_value) . "</option>\n";
|
|
|
|
|
|
/* And add the new option string to our select tag. */
|
|
|
$result .= $new_option;
|
|
|
}
|
|
|
|
|
|
/* Close the select tag and return our happy result. */
|
|
|
- $result .= '</select>';
|
|
|
+ $result .= "</select>\n";
|
|
|
return ($result);
|
|
|
}
|
|
|
|
|
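Review bot: `new_$this->name` is still interpolated unescaped into the `name` attribute in createWidget_String and createWidget_StrList, while the value beside it is now escaped. The same holds for the `name`/`id`/`for` attributes in the boolean and hidden widgets and for `$name` in create_hidden_element in the later hunks. If option names are always literals from the option definitions this is harmless, but that is not visible here, and escaping them is cheap: `$result = '<input name="new_' . htmlspecialchars($this->name) . '" value="' .`. `$this->script` appears to carry raw attribute markup by design, so a comment such as `/* $this->script is emitted verbatim; set it only from trusted code */` would make that trust assumption explicit. createWidget_String begins above this hunk.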
@@ -242,7 +245,7 @@ class SquirrelOption {
|
|
|
$selected = array(strtolower($this->value));
|
|
|
|
|
|
/* Begin the select tag. */
|
|
|
- $result = "<select name=\"new_$this->name\" $this->script>";
|
|
|
+ $result = "<select name=\"new_$this->name\" $this->script>\n";
|
|
|
|
|
|
/* Add each possible value to the select list. */
|
|
|
foreach ($this->possible_values as $real_value => $disp_value) {
|
|
@@ -251,21 +254,21 @@ class SquirrelOption {
|
|
|
$new_option = sqimap_mailbox_option_list(0, $selected, 0, $disp_value);
|
|
|
} else {
|
|
|
/* Start the next new option string. */
|
|
|
- $new_option = "<option value=\"$real_value\"";
|
|
|
+ $new_option = '<option value="' . htmlspecialchars($real_value) . '"';
|
|
|
|
|
|
/* If this value is the current value, select it. */
|
|
|
if ($real_value == $this->value) {
|
|
|
- $new_option .= ' selected';
|
|
|
+ $new_option .= ' selected="selected"';
|
|
|
}
|
|
|
|
|
|
/* Add the display value to our option string. */
|
|
|
- $new_option .= ">$disp_value</option>";
|
|
|
+ $new_option .= '>' . htmlspecialchars($disp_value) . "</option>\n";
|
|
|
}
|
|
|
/* And add the new option string to our select tag. */
|
|
|
$result .= $new_option;
|
|
|
}
|
|
|
/* Close the select tag and return our happy result. */
|
|
|
- $result .= '</select>';
|
|
|
+ $result .= "</select>\n";
|
|
|
return ($result);
|
|
|
}
|
|
|
|
|
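Review bot: The first branch of the loop appends the return value of `sqimap_mailbox_option_list(0, $selected, 0, $disp_value)` to `$result` untouched, so the escaping added in the `else` branch covers only one of the two paths that build this list. Folder names are presumably user-controlled, so it is worth confirming that the helper escapes both the option value and the label itself; it is not defined in this hunk. If it does, a comment on that line such as `/* sqimap_mailbox_option_list() returns already-escaped <option> markup */` would stop a later change from escaping it a second time. The condition that selects between the two branches lies outside the hunk.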
@@ -280,7 +283,8 @@ class SquirrelOption {
|
|
|
default: $rows = 5; $cols = 50;
|
|
|
}
|
|
|
$result = "<textarea name=\"new_$this->name\" rows=\"$rows\" "
|
|
|
- . "cols=\"$cols\" $this->script>$this->value</textarea>";
|
|
|
+ . "cols=\"$cols\" $this->script>"
|
|
|
+ . htmlspecialchars($this->value) . "</textarea>\n";
|
|
|
return ($result);
|
|
|
}
|
|
|
|
|
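Review bot: `htmlspecialchars($this->value)` relies on the default flags and charset, here and in every other call this commit adds, and those defaults differ between PHP versions. With the default flags a single quote is not encoded, which is safe only while every attribute keeps its double-quote delimiters. On versions where the default charset is UTF-8, a value containing bytes that are invalid in UTF-8 comes back as an empty string, so a preference stored in another charset would display blank and then be saved blank. Passing both arguments explicitly removes the dependency, e.g. `htmlspecialchars($this->value, ENT_QUOTES, $charset)`, where `$charset` is a placeholder for whatever holds the page charset in this project.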
@@ -291,10 +295,10 @@ class SquirrelOption {
|
|
|
// add onChange javascript handler to a regular string widget
|
|
|
// which will strip out all non-numeric chars
|
|
|
if ($javascript_on)
|
|
|
- return preg_replace('/>/', ' onChange="origVal=this.value; newVal=\'\'; '
|
|
|
+ return preg_replace('/\/>/', ' onChange="origVal=this.value; newVal=\'\'; '
|
|
|
. 'for (i=0;i<origVal.length;i++) { if (origVal.charAt(i)>=\'0\' '
|
|
|
. '&& origVal.charAt(i)<=\'9\') newVal += origVal.charAt(i); } '
|
|
|
- . 'this.value=newVal;">', $this->createWidget_String());
|
|
|
+ . 'this.value=newVal;" />', $this->createWidget_String());
|
|
|
else
|
|
|
return $this->createWidget_String();
|
|
|
}
|
|
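Review bot: The pattern `'/\/>/'` depends on createWidget_String() closing its tag with exactly `/>` and on that sequence appearing nowhere else in the markup; because `$this->script` is inserted raw just before the close, a `/>` inside it would get the handler spliced in there as well. Anchoring the match at the end and limiting it to one replacement is more robust: use `'/\/>\s*$/'` as the pattern and pass `1` as the fourth argument to `preg_replace`. The handler only strips characters in the browser, and only when `$javascript_on` is set, so whatever code saves the submitted value still has to check that it is numeric; that code is not in this hunk. The float widget in the next hunk uses the same pattern and has the same two issues. The function starts above the hunk.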
@@ -306,10 +310,10 @@ class SquirrelOption {
|
|
|
// add onChange javascript handler to a regular string widget
|
|
|
// which will strip out all non-numeric (period also OK) chars
|
|
|
if ($javascript_on)
|
|
|
- return preg_replace('/>/', ' onChange="origVal=this.value; newVal=\'\'; '
|
|
|
+ return preg_replace('/\/>/', ' onChange="origVal=this.value; newVal=\'\'; '
|
|
|
. 'for (i=0;i<origVal.length;i++) { if ((origVal.charAt(i)>=\'0\' '
|
|
|
. '&& origVal.charAt(i)<=\'9\') || origVal.charAt(i)==\'.\') '
|
|
|
- . 'newVal += origVal.charAt(i); } this.value=newVal;">'
|
|
|
+ . 'newVal += origVal.charAt(i); } this.value=newVal;" />'
|
|
|
, $this->createWidget_String());
|
|
|
else
|
|
|
return $this->createWidget_String();
|
|
@@ -328,13 +332,13 @@ class SquirrelOption {
|
|
|
/* Build the yes choice. */
|
|
|
$yes_option = '<input type="radio" id="new_' . $this->name . '_yes" '
|
|
|
. 'name="new_' . $this->name . '" value="' . SMPREF_YES . '"'
|
|
|
- . $yes_chk . ' ' . $this->script . '> '
|
|
|
+ . $yes_chk . ' ' . $this->script . ' /> '
|
|
|
. '<label for="new_'.$this->name.'_yes">' . _("Yes") . '</label>';
|
|
|
|
|
|
/* Build the no choice. */
|
|
|
$no_option = '<input type="radio" id="new_' . $this->name . '_no" '
|
|
|
. 'name="new_' . $this->name . '" value="' . SMPREF_NO . '"'
|
|
|
- . $no_chk . ' ' . $this->script . '> '
|
|
|
+ . $no_chk . ' ' . $this->script . ' /> '
|
|
|
. '<label for="new_'.$this->name.'_no">' . _("No") . '</label>';
|
|
|
|
|
|
/* Build and return the combined "boolean widget". */
|
|
@@ -344,7 +348,8 @@ class SquirrelOption {
|
|
|
|
|
|
function createWidget_Hidden() {
|
|
|
$result = '<input type="hidden" name="new_' . $this->name
|
|
|
- . '" value="' . $this->value . '" ' . $this->script . '>';
|
|
|
+ . '" value="' . htmlspecialchars($this->value)
|
|
|
+ . '" ' . $this->script . ' />';
|
|
|
return ($result);
|
|
|
}
|
|
|
|
|
@@ -387,7 +392,7 @@ function create_optmode_element($optmode) {
|
|
|
function create_hidden_element($name, $value) {
|
|
|
$result = '<input type="hidden" '
|
|
|
. 'name="' . $name . '" '
|
|
|
- . 'value="' . $value . '">';
|
|
|
+ . 'value="' . htmlspecialchars($value) . '" />';
|
|
|
return ($result);
|
|
|
}
|
|
|
|
|
@@ -497,4 +502,5 @@ function OptionSubmit( $name ) {
|
|
|
) . "\n";
|
|
|
}
|
|
|
|
|
|
+// vim: et ts=4
|
|
|
?>
|