From 2c89ca7298ea693facc0f72c32c71f2bdcaff329 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <bruederli@kolabsys.com>
Date: Wed, 08 Aug 2012 15:29:40 -0400
Subject: [PATCH] Backporting: Fix HTML entities handling in HTML editor (#1488483)

---
 program/steps/mail/compose.inc |   35 ++++++++++++++++++++---------------
 1 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index d98452a..a13507f 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -124,7 +124,7 @@
 $OUTPUT->add_label('nosubject', 'nosenderwarning', 'norecipientwarning', 'nosubjectwarning', 'cancel',
     'nobodywarning', 'notsentwarning', 'notuploadedwarning', 'savingmessage', 'sendingmessage', 
     'messagesaved', 'converting', 'editorwarning', 'searching', 'uploading', 'uploadingmany',
-    'fileuploaderror');
+    'fileuploaderror', 'sendmessage');
 
 $OUTPUT->set_env('compose_id', $COMPOSE['id']);
 
@@ -138,6 +138,9 @@
 $OUTPUT->set_env('sig_above', $RCMAIL->config->get('sig_above', false));
 $OUTPUT->set_env('top_posting', $RCMAIL->config->get('top_posting', false));
 $OUTPUT->set_env('recipients_separator', trim($RCMAIL->config->get('recipients_separator', ',')));
+
+// use jquery UI for showing prompt() dialogs
+$RCMAIL->plugins->load_plugin('jqueryui');
 
 // get reference message and set compose mode
 if ($msg_uid = $COMPOSE['param']['draft_uid']) {
@@ -346,10 +349,14 @@
 
   // we have a set of recipients stored is session
   if ($header == 'to' && ($mailto_id = $COMPOSE['param']['mailto'])
-      && $COMPOSE[$mailto_id]
+      && $_SESSION['mailto'][$mailto_id]
   ) {
-    $fvalue = urldecode($COMPOSE[$mailto_id]);
+    $fvalue = urldecode($_SESSION['mailto'][$mailto_id]);
     $decode_header = false;
+
+    // make session to not grow up too much
+    unset($_SESSION['mailto'][$mailto_id]);
+    $COMPOSE['param']['to'] = $fvalue;
   }
   else if (!empty($_POST['_'.$header])) {
     $fvalue = get_input_value('_'.$header, RCUBE_INPUT_POST, TRUE);
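Review bot: The new condition reads `$_SESSION['mailto'][$mailto_id]` without an existence check, so an id with no session entry raises an undefined-index notice. That case is reachable once the `unset()` added below has consumed the entry, or if the entry was never stored. `$mailto_id` looks like it originates from the compose request parameters, so it is worth treating as untrusted and writing the test as `&& is_scalar($mailto_id) && !empty($_SESSION['mailto'][$mailto_id])`. The surrounding block starts and ends outside this hunk, so whether a later reload of the compose page picks up the recipients from `$COMPOSE['param']['to']` cannot be confirmed from here.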
@@ -708,7 +715,7 @@
   if ($isHtml) {
     $attrib['class'] = 'mce_editor';
     $textarea = new html_textarea($attrib);
-    $out .= $textarea->show($MESSAGE_BODY);
+    $out .= $textarea->show(htmlentities($MESSAGE_BODY, ENT_NOQUOTES, RCMAIL_CHARSET));
   }
   else {
     $textarea = new html_textarea($attrib);
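Review bot: `htmlentities()` returns an empty string when the input holds a byte sequence that is invalid for the charset passed in. A reply or forward of a message with one malformed character would therefore open with a silently blank editor. Where the supported PHP version allows it (5.4 or later), pass `ENT_NOQUOTES | ENT_SUBSTITUTE`; otherwise check for an empty result on non-empty input and fall back to a cleaned copy of the body. A one-line comment would also protect this call from being removed as redundant, for example `// textarea content is entity-decoded by the browser before the editor parses it, so encode exactly once here`. The enclosing function begins and ends outside the hunk.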
@@ -893,18 +900,18 @@
         "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
       rcube_label('subject'), Q($MESSAGE->subject),
       rcube_label('date'), Q($date),
-      rcube_label('from'), htmlspecialchars(Q($MESSAGE->get_header('from'), 'replace'), ENT_COMPAT, $charset),
-      rcube_label('to'), htmlspecialchars(Q($MESSAGE->get_header('to'), 'replace'), ENT_COMPAT, $charset));
+      rcube_label('from'), Q($MESSAGE->get_header('from'), 'replace'),
+      rcube_label('to'), Q($MESSAGE->get_header('to'), 'replace'));
 
     if ($MESSAGE->headers->cc)
       $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
         rcube_label('cc'),
-        htmlspecialchars(Q($MESSAGE->get_header('cc'), 'replace'), ENT_COMPAT, $charset));
+        Q($MESSAGE->get_header('cc'), 'replace'));
 
     if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from)
       $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>",
         rcube_label('replyto'),
-        htmlspecialchars(Q($MESSAGE->get_header('replyto'), 'replace'), ENT_COMPAT, $charset));
+        Q($MESSAGE->get_header('replyto'), 'replace'));
 
     $prefix .= "</tbody></table><br>";
   }
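Review bot: The from/to/cc/replyto values are controlled by the sender of the original message, and after this change `Q(..., 'replace')` is the only escaping applied to them before they go into the HTML prefix. Dropping the second `htmlspecialchars()` pass looks correct only in combination with the `htmlentities()` call added at the `mce_editor` textarea, since the old double encoding appears to have compensated for the browser decoding textarea content once. That coupling should be stated next to the `sprintf`, for example `// headers are untrusted: Q() escapes them once for HTML; the editor textarea encodes the whole body again on output`. A regression test that forwards a message whose From display name contains markup characters would pin this down. If `$charset` has no other use in this function it can also be removed, though the function extends beyond this hunk.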
@@ -1231,7 +1238,7 @@
             'title' => rcube_label('delete'),
             'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", JS_OBJECT_NAME, $id)),
           $button) . Q($a_prop['name']));
-        
+
         $jslist['rcmfile'.$id] = array('name' => $a_prop['name'], 'complete' => true, 'mimetype' => $a_prop['mimetype']);
     }
   }
@@ -1245,14 +1252,14 @@
 
   $OUTPUT->set_env('attachments', $jslist);
   $OUTPUT->add_gui_object('attachmentlist', $attrib['id']);
-    
+
   return html::tag('ul', $attrib, $out, html::$common_attrib);
 }
 
 
 function rcmail_compose_attachment_form($attrib)
 {
-  global $RCMAIL, $OUTPUT;
+  global $OUTPUT;
 
   // add ID if not given
   if (!$attrib['id'])
@@ -1293,7 +1300,7 @@
 function rcmail_priority_selector($attrib)
 {
   global $MESSAGE;
-  
+
   list($form_start, $form_end) = get_form_tags($attrib);
   unset($attrib['form']);
 
@@ -1330,7 +1337,7 @@
   unset($attrib['form']);
 
   if (!isset($attrib['id']))
-    $attrib['id'] = 'receipt';  
+    $attrib['id'] = 'receipt';
 
   $attrib['name'] = '_receipt';
   $attrib['value'] = '1';
@@ -1373,8 +1380,6 @@
 
 function rcmail_editor_selector($attrib)
 {
-  global $CONFIG, $MESSAGE, $compose_mode;
-
   // determine whether HTML or plain text should be checked
   $useHtml = rcmail_compose_editor_mode();
 

--
Gitblit v1.9.1