tags 675586 + patch
thanks

Coin,

I investigated this issue, starting from PHP 5.4 incompatible changes. According to:
  http://fr.php.net/manual/en/migration54.other.php
htmlentities and htmlspecialchars have changed in a "will surely break lots of websites" way.

I changed a few htmlspecialchars calls (in the provided patch) to not trust the new default values for charset-sensitive text fields, and succeeded in fixing the mailbox listing, message view, and reply form. I'm not 100% certain everything is fixed but at least it should be usable again.

Unfortunately, it is very likely that other parts of Horde core and its apps are affected as well. I'll open extra bugs if I spot other problems.

Regards.

--
Marc Dequènes (Duck)
diff -Nur /usr/share/horde3_orig_htmlspecialchars/imp/compose.php /usr/share/horde3/imp/compose.php
--- /usr/share/horde3_orig_htmlspecialchars/imp/compose.php	2012-01-07 13:08:31.000000000 +0100
+++ /usr/share/horde3/imp/compose.php	2012-06-04 03:49:05.000000000 +0200
@@ -822,7 +822,7 @@
     $t->set('mailbox', htmlspecialchars($thismailbox));
     $t->set('index', htmlspecialchars($index));
     $t->set('status', IMP::status());
-    $t->set('title', htmlspecialchars($title));
+    $t->set('title', htmlspecialchars($title, ENT_COMPAT, NLS::getCharset()));
     $t->set('token', IMP::getRequestToken('imp.compose'));
 
     if ($registry->hasMethod('contacts/search')) {
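Review bot: htmlspecialchars() still returns an empty string when its input contains a byte sequence that is invalid in the charset it is given, so with `NLS::getCharset()` a single malformed value would blank the whole field, e.g. the `title` set here. Adding the substitute flag keeps the rest of the text readable: `htmlspecialchars($title, ENT_COMPAT | ENT_SUBSTITUTE, NLS::getCharset())`. The same applies to every call changed in this patch, and matters most in the Headers.php and mailbox.php hunks, where the values appear to come from received mail. ENT_SUBSTITUTE only exists from PHP 5.4 on, so it needs a `defined()` guard if older PHP versions must keep working.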
@@ -845,14 +845,14 @@
             if (count($to_item) > 1) {
                 $entry['multiple'] = true;
                 $entry['select_tabindex'] = ++$tabindex;
-                $entry['select_name'] = htmlspecialchars($to_item[0]);
+                $entry['select_name'] = htmlspecialchars($to_item[0], ENT_COMPAT, NLS::getCharset());
                 $entry['select_to'] = array();
                 for ($i = 1; $i < count($to_item); $i++) {
-                    $entry['select_to'][] = array('val' => htmlspecialchars($to_item[$i]));
+                    $entry['select_to'][] = array('val' => htmlspecialchars($to_item[$i], ENT_COMPAT, NLS::getCharset()));
                 }
             } else {
                 $entry['multiple'] = null;
-                $entry['input_value'] = htmlspecialchars($to_item);
+                $entry['input_value'] = htmlspecialchars($to_item, ENT_COMPAT, NLS::getCharset());
             }
             $entry['input_tabindex'] = ++$tabindex;
 
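Review bot: ENT_COMPAT leaves single quotes unescaped, and `select_name`, `val` and `input_value` look like they end up inside HTML attribute values. The templates are not visible here, but if any of them quotes an attribute with single quotes the escaping would not be sufficient for that context. Since the flags are now spelled out anyway, `ENT_QUOTES` is the safer choice, e.g. `htmlspecialchars($to_item[0], ENT_QUOTES, NLS::getCharset())`. The `input_value`, `select_name` and `val` calls in the later compose.php hunks are in the same position.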
@@ -868,7 +868,7 @@
         $t->set('to_hdrs', $to_hdrs);
     } else {
         $t->set('input_tabindex', ++$tabindex);
-        $t->set('input_value', htmlspecialchars($header['to']));
+        $t->set('input_value', htmlspecialchars($header['to'], ENT_COMPAT, NLS::getCharset()));
         $t->set('help', Help::link('imp', 'compose-to'));
     }
 
@@ -928,7 +928,7 @@
     }
     $t->set('hidden', $hidden);
 
-    $t->set('title', htmlspecialchars($title));
+    $t->set('title', htmlspecialchars($title, ENT_COMPAT, NLS::getCharset()));
     $t->set('send_msg_ak', Horde::getAccessKeyAndTitle(_("_Send Message")));
     if ($conf['user']['allow_folders']) {
         $t->set('save_draft_ak', Horde::getAccessKeyAndTitle(_("Save _Draft")));
@@ -938,7 +938,7 @@
     if ($t->get('di_locked')) {
         $t->set('help_compose-from', Help::link('imp', 'compose-from'));
         $t->set('fromaddr_locked', $prefs->isLocked('from_addr'));
-        $t->set('from', htmlspecialchars($identity->getFromLine(null, Util::getFormData('from'))));
+        $t->set('from', htmlspecialchars($identity->getFromLine(null, Util::getFormData('from')), ENT_COMPAT, NLS::getCharset()));
         if (!$t->get('fromaddr_locked')) {
             $t->set('fromaddr_tabindex', ++$tabindex);
         }
@@ -952,12 +952,12 @@
             $t->set('selectlist_tabindex', ++$tabindex);
             $t_select_list = array();
             foreach ($select_list as $key => $select) {
-                $t_select_list[] = array('value' => $key, 'selected' => ($key == $identity->getDefault()), 'label' => htmlspecialchars($select));
+                $t_select_list[] = array('value' => $key, 'selected' => ($key == $identity->getDefault()), 'label' => htmlspecialchars($select, ENT_COMPAT, NLS::getCharset()));
             }
             $t->set('select_list', $t_select_list);
         } else {
             $t->set('identity_default', $identity->getDefault());
-            $t->set('identity_text', htmlspecialchars($select_list[0]));
+            $t->set('identity_text', htmlspecialchars($select_list[0], ENT_COMPAT, NLS::getCharset()));
         }
     }
     $t->set('label_to', Horde::label('to', _("_To")));
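Review bot: As a matter of style, `NLS::getCharset()` is re-evaluated for every entry inside the `foreach` here, and the same three-argument tail is repeated at every changed call in compose.php. Reading it once near the top of the script, `$charset = NLS::getCharset();`, and passing `$charset` would shorten these lines and keep all escaping calls on the same value. The enclosing block starts outside this hunk, so the right place for the assignment has to be picked from the full file.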
@@ -987,15 +987,15 @@
                 if (count($item) > 1) {
                     $entry['multiple'] = true;
                     $entry['select_tabindex'] = ++$tabindex;
-                    $entry['select_name'] = htmlspecialchars($item[0]);
+                    $entry['select_name'] = htmlspecialchars($item[0], ENT_COMPAT, NLS::getCharset());
                     $entry['select_arr'] = array();
                     for ($i = 1; $i < count($item); $i++) {
-                        $entry['select_arr'][] = array('val' => htmlspecialchars($item[$i]));
+                        $entry['select_arr'][] = array('val' => htmlspecialchars($item[$i], ENT_COMPAT, NLS::getCharset()));
                     }
                     $entry['input_value'] = null;
                 } else {
                     $entry['multiple'] = null;
-                    $entry['input_value'] = htmlspecialchars($item);
+                    $entry['input_value'] = htmlspecialchars($item, ENT_COMPAT, NLS::getCharset());
                 }
                 $entry['input_tabindex'] = ++$tabindex;
 
@@ -1011,7 +1011,7 @@
         } else {
             $addr['multiple'] = false;
             $addr['input_tabindex'] = ++$tabindex;
-            $addr['input_value'] = htmlspecialchars($header[$val]);
+            $addr['input_value'] = htmlspecialchars($header[$val], ENT_COMPAT, NLS::getCharset());
             $addr['help_compose'] = Help::link('imp', 'compose-' . $val);
         }
         $address_array[] = $addr;
@@ -1020,7 +1020,7 @@
 
     $t->set('subject_label', Horde::label('subject', _("S_ubject")));
     $t->set('subject_tabindex', ++$tabindex);
-    $t->set('subject', htmlspecialchars($header['subject']));
+    $t->set('subject', htmlspecialchars($header['subject'], ENT_COMPAT, NLS::getCharset()));
     $t->set('help-subject', Help::link('imp', 'compose-subject'));
 
     $t->set('set_priority', $prefs->getValue('set_priority'));
@@ -1154,7 +1154,7 @@
 
     $t->set('message_label', Horde::label('message', _("Te_xt")));
     $t->set('message_tabindex', ++$tabindex);
-    $t->set('message', htmlspecialchars($msg));
+    $t->set('message', htmlspecialchars($msg, ENT_COMPAT, NLS::getCharset()));
 
     $t->set('use_encrypt', ($prefs->getValue('use_pgp') || $prefs->getValue('use_smime')));
     if ($t->get('use_encrypt')) {
diff -Nur /usr/share/horde3_orig_htmlspecialchars/imp/lib/MIME/Headers.php /usr/share/horde3/imp/lib/MIME/Headers.php
--- /usr/share/horde3_orig_htmlspecialchars/imp/lib/MIME/Headers.php	2012-06-04 01:28:46.000000000 +0200
+++ /usr/share/horde3/imp/lib/MIME/Headers.php	2012-06-04 02:24:41.000000000 +0200
@@ -200,13 +200,13 @@
                         continue;
                     }
 
-                    $ret = htmlspecialchars($ad->display);
+                    $ret = htmlspecialchars($ad->display, ENT_COMPAT, NLS::getCharset());
 
                     /* If this is an incomplete e-mail address, don't link to
                      * anything. */
                     if (stristr($ad->host, 'UNKNOWN') === false) {
                         if ($link) {
-                            $ret = Horde::link(IMP::composeLink(array('to' => $ad->address)), sprintf(_("New Message to %s"), $ad->inner)) . htmlspecialchars($ad->display) . '</a>';
+                            $ret = Horde::link(IMP::composeLink(array('to' => $ad->address)), sprintf(_("New Message to %s"), $ad->inner)) . htmlspecialchars($ad->display, ENT_COMPAT, NLS::getCharset()) . '</a>';
                         }
 
                         /* Append the add address icon to every address if contact
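Review bot: The link title built from `sprintf(_("New Message to %s"), $ad->inner)` is handed to `Horde::link()` as is, while only `$ad->display` gets the explicit charset. `Horde::link()` is not part of this patch, so it is worth confirming that it escapes its title argument and does so with the same charset; otherwise the tooltip would hit the same PHP 5.4 default-charset problem this change fixes for the visible text. The second hunk in this file has the same call with `$ob->inner`. The enclosing loop starts and ends outside the hunk.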
@@ -221,15 +221,15 @@
                     $group_array[] = $ret;
                 }
 
-                $addr_array[] = htmlspecialchars($ob->groupname) . ':' . (count($group_array) ? ' ' . implode(', ', $group_array) : '');
+                $addr_array[] = htmlspecialchars($ob->groupname, ENT_COMPAT, NLS::getCharset()) . ':' . (count($group_array) ? ' ' . implode(', ', $group_array) : '');
             } elseif (!empty($ob->address) && !empty($ob->inner)) {
-                $ret = htmlspecialchars($ob->display);
+                $ret = htmlspecialchars($ob->display, ENT_COMPAT, NLS::getCharset());
 
                 /* If this is an incomplete e-mail address, don't link to
                  * anything. */
                 if (stristr($ob->host, 'UNKNOWN') === false) {
                     if ($link) {
-                        $ret = Horde::link(IMP::composeLink(array('to' => $ob->address)), sprintf(_("New Message to %s"), $ob->inner)) . htmlspecialchars($ob->display) . '</a>';
+                        $ret = Horde::link(IMP::composeLink(array('to' => $ob->address)), sprintf(_("New Message to %s"), $ob->inner)) . htmlspecialchars($ob->display, ENT_COMPAT, NLS::getCharset()) . '</a>';
                     }
 
                     /* Append the add address icon to every address if contact
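Review bot: The escaped display string is computed twice in this branch, once into `$ret` and again inside the link expression, so the flags and charset have to be kept in sync in two places. Reusing the value already held in `$ret` avoids that: `$ret = Horde::link(IMP::composeLink(array('to' => $ob->address)), sprintf(_("New Message to %s"), $ob->inner)) . $ret . '</a>';`. The first hunk in this file has the same duplication with `$ad->display`.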
diff -Nur /usr/share/horde3_orig_htmlspecialchars/imp/mailbox.php /usr/share/horde3/imp/mailbox.php
--- /usr/share/horde3_orig_htmlspecialchars/imp/mailbox.php	2012-01-07 13:08:30.000000000 +0100
+++ /usr/share/horde3/imp/mailbox.php	2012-06-04 03:26:07.000000000 +0200
@@ -847,7 +847,7 @@
     $msg['size'] = htmlspecialchars($msg['size']);
 
     /* Format the From: Header. */
-    $msg['from'] = htmlspecialchars($msg['from']);
+    $msg['from'] = htmlspecialchars($msg['from'], ENT_COMPAT, NLS::getCharset());
     switch ($fromlinkstyle) {
     case 0:
         if (empty($ob->getfrom['error'])) {

Attachment: pgp3ccCvWaVU1.pgp
Description: PGP Digital Signature
