On 03/27/2013 08:42 AM, Thomas Bruederli wrote: > I tracked it down to htmlspecialchars() in html::quote() used to quote > the value attribute of the subject input field that returns an empty > string if invalid characters are in the input.
Confirmed, and this is not PHP 5.4 only. > The best (but very expensive) solution is to run every string through > a charset validation function (whatever that might be) in order to > verify that it doesn't contain invalid chars. Or maybe we can just do > more sanity checks only for messages that do not specify charset > information. We can also: - Use ENT_SUBSTITUTE when PHP 5.4 is detected. - Use rcube_charset::clean() on headers input. This shouldn't be very expensive. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl _______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
