diff -ur squirrelmail-webmail-1.4.22/functions/addressbook.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/addressbook.php --- squirrelmail-webmail-1.4.22/functions/addressbook.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/addressbook.php 2012-07-05 18:12:36.000000000 +0900 @@ -154,7 +154,7 @@ * display address book init errors. */ if ($abook_init_error!='' && $showerr) { - $abook_init_error = htmlspecialchars($abook_init_error); + $abook_init_error = sq_htmlspecialchars($abook_init_error); error_box($abook_init_error,$color); } diff -ur squirrelmail-webmail-1.4.22/functions/display_messages.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/display_messages.php --- squirrelmail-webmail-1.4.22/functions/display_messages.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/display_messages.php 2012-07-05 18:12:36.000000000 +0900 @@ -32,7 +32,7 @@ } $string .= sprintf (_("Click here to return to %s"), - htmlspecialchars(imap_utf7_decode_local($mailbox))). + sq_htmlspecialchars(imap_utf7_decode_local($mailbox))). ''; error_box($string, $color); } diff -ur squirrelmail-webmail-1.4.22/functions/forms.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/forms.php --- squirrelmail-webmail-1.4.22/functions/forms.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/forms.php 2012-07-05 18:12:36.000000000 +0900 @@ -23,8 +23,8 @@ */ function addInputField($type, $name = null, $value = null, $attributes = '') { return '\n"; } @@ -89,16 +89,16 @@ if(count($values) == 1) { $k = key($values); $v = array_pop($values); return addHidden($name, ($usekeys ? $k:$v)). - htmlspecialchars($v) . "\n"; + sq_htmlspecialchars($v) . "\n"; } - $ret = '\n"; foreach ($values as $k => $v) { if(!$usekeys) $k = $v; $ret .= '\n"; + '>' . sq_htmlspecialchars($v) ."\n"; } $ret .= "\n"; 
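Review bot: The wrapper called on `$abook_init_error` in this hunk, `sq_htmlspecialchars()`, is not defined anywhere in the part of the patch visible here, so nothing in view states which quote flags and charset it passes to the built-in. Every later hunk makes the same substitution and inherits the same dependency. Several call sites further down place the result inside double-quoted attribute values (`value="' . sq_htmlspecialchars($value) . '"`), so the contract matters for more than text nodes. The definition should carry a docblock naming the flags and charset it uses and stating that it never returns its input unencoded when conversion fails.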
@@ -123,9 +123,9 @@ * Textarea form element. */ function addTextArea($name, $text = '', $cols = 40, $rows = 10, $attr = '') { - return '\n"; + $attr . '>'.sq_htmlspecialchars($text) ."\n"; } /** @@ -156,7 +156,7 @@ $enctype = ' enctype="'.$enctype.'"'; } if($charset) { - $charset = ' accept-charset="'.htmlspecialchars($charset).'"'; + $charset = ' accept-charset="'.sq_htmlspecialchars($charset).'"'; } $form_string = '
' . "
\n"; } error_box($string,$color); @@ -399,9 +399,9 @@ _("ERROR: Could not complete request.") . "
\n" . _("Query:") . ' ' . - htmlspecialchars($query) . '
' . + sq_htmlspecialchars($query) . '
' . _("Reason Given:") . ' ' . - htmlspecialchars($message) . "
\n"; + sq_htmlspecialchars($message) . "
\n"; error_box($string,$color); echo ''; exit; @@ -414,9 +414,9 @@ _("ERROR: Bad or malformed request.") . "
\n" . _("Query:") . ' '. - htmlspecialchars($query) . '
' . + sq_htmlspecialchars($query) . '
' . _("Server responded:") . ' ' . - htmlspecialchars($message) . "
\n"; + sq_htmlspecialchars($message) . "
\n"; error_box($string,$color); echo ''; exit; @@ -427,9 +427,9 @@ _("ERROR: IMAP server closed the connection.") . "
\n" . _("Query:") . ' '. - htmlspecialchars($query) . '
' . + sq_htmlspecialchars($query) . '
' . _("Server responded:") . ' ' . - htmlspecialchars($message) . "
\n"; + sq_htmlspecialchars($message) . "
\n"; error_box($string,$color); echo ''; exit; @@ -440,9 +440,9 @@ _("ERROR: Unknown IMAP response.") . "
\n" . _("Query:") . ' '. - htmlspecialchars($query) . '
' . + sq_htmlspecialchars($query) . '
' . _("Server responded:") . ' ' . - htmlspecialchars($message) . "
\n"; + sq_htmlspecialchars($message) . "
\n"; error_box($string,$color); /* the error is displayed but because we don't know the reponse we return the result anyway */ @@ -588,7 +588,7 @@ if (!$hide) { if ($response != 'NO') { /* "BAD" and anything else gets reported here. */ - $message = htmlspecialchars($message); + $message = sq_htmlspecialchars($message); set_up_language($squirrelmail_language, true); require_once(SM_PATH . 'functions/display_messages.php'); if ($response == 'BAD') { @@ -599,7 +599,7 @@ if (isset($read) && is_array($read)) { $string .= '
' . _("Read data:") . "
\n"; foreach ($read as $line) { - $string .= htmlspecialchars($line) . "
\n"; + $string .= sq_htmlspecialchars($line) . "
\n"; } } error_box($string,$color); diff -ur squirrelmail-webmail-1.4.22/functions/imap_mailbox.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/imap_mailbox.php --- squirrelmail-webmail-1.4.22/functions/imap_mailbox.php 2011-05-03 15:41:53.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/imap_mailbox.php 2012-07-05 18:12:36.000000000 +0900 @@ -254,7 +254,7 @@ if (strstr($mailbox, '../') || substr($mailbox, 0, 1) == '/') { global $color; include_once(SM_PATH . 'functions/display_messages.php'); - error_box(sprintf(_("Invalid mailbox name: %s"),htmlspecialchars($mailbox)),$color); + error_box(sprintf(_("Invalid mailbox name: %s"),sq_htmlspecialchars($mailbox)),$color); sqimap_logout($imap_stream); die(''); } @@ -555,16 +555,16 @@ $box2 = $boxes_part['formatted']; break; default: /* default, long names, style = 0 */ - $box2 = str_replace(' ', ' ', htmlspecialchars(imap_utf7_decode_local($boxes_part['unformatted-disp']))); + $box2 = str_replace(' ', ' ', sq_htmlspecialchars(imap_utf7_decode_local($boxes_part['unformatted-disp']))); break; } } $box2 = str_replace(array('<','>'), array('<','>') , $box2); if ($show_selected != 0 && in_array($lowerbox, $show_selected) ) { - $mbox_options .= '' . "\n"; + $mbox_options .= '' . "\n"; } else { - $mbox_options .= '' . "\n"; + $mbox_options .= '' . "\n"; } } } diff -ur squirrelmail-webmail-1.4.22/functions/imap_messages.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/imap_messages.php --- squirrelmail-webmail-1.4.22/functions/imap_messages.php 2011-04-19 03:42:49.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/imap_messages.php 2012-07-05 18:12:36.000000000 +0900 @@ -786,7 +786,7 @@ _("ERROR: Could not complete request.") . '
' . _("Unknown response from IMAP server:") . ' 1.' . - htmlspecialchars($read) . "
\n"; + sq_htmlspecialchars($read) . "
\n"; break; } $i = strpos($read,'(',$i_space+5); diff -ur squirrelmail-webmail-1.4.22/functions/imap_search.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/imap_search.php --- squirrelmail-webmail-1.4.22/functions/imap_search.php 2011-04-27 04:05:34.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/imap_search.php 2012-07-05 18:12:36.000000000 +0900 @@ -97,7 +97,7 @@ if (strstr($errors,'* SEARCH')) { return array(); } - echo ''; + echo ''; } diff -ur squirrelmail-webmail-1.4.22/functions/mailbox_display.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/mailbox_display.php --- squirrelmail-webmail-1.4.22/functions/mailbox_display.php 2011-05-16 07:02:24.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/mailbox_display.php 2012-07-05 18:12:36.000000000 +0900 @@ -110,10 +110,10 @@ if ($senderNames_part[1]) { $senderName .= decodeHeader($senderNames_part[1]); } else { - $senderName .= htmlspecialchars($senderNames_part[0]); + $senderName .= sq_htmlspecialchars($senderNames_part[0]); } - $senderFrom .= htmlspecialchars($senderNames_part[0]); + $senderFrom .= sq_htmlspecialchars($senderNames_part[0]); } } $senderName = str_replace(' ',' ',$senderName); @@ -530,8 +530,8 @@ $form_name = "FormMsgs" . $safe_name; echo '' ."\n" . '' . "\n" . - '' . "\n" . - '' . "\n"; + '' . "\n" . + '' . "\n"; echo ''; echo '' . '' . - '' . + '' . '' - . '' - . '' + . '' + . '' . "\n"; } @@ -821,9 +821,9 @@ function createWidget_Submit() { $result = "name\" value=\"" - . htmlspecialchars($this->comment) + . sq_htmlspecialchars($this->comment) . "\" $this->script />" - . htmlspecialchars($this->trailing_text) . "\n"; + . sq_htmlspecialchars($this->trailing_text) . "\n"; return $result; 
@@ -944,7 +944,7 @@ function create_hidden_element($name, $value) { $result = ''; + . 'value="' . sq_htmlspecialchars($value) . '" />'; return ($result); } diff -ur squirrelmail-webmail-1.4.22/functions/page_header.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/page_header.php --- squirrelmail-webmail-1.4.22/functions/page_header.php 2011-07-12 12:44:14.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/page_header.php 2012-07-05 18:12:36.000000000 +0900 @@ -268,7 +268,7 @@ echo "\n\n"; /** Here is the header and wrapping table **/ - $shortBoxName = htmlspecialchars(imap_utf7_decode_local( + $shortBoxName = sq_htmlspecialchars(imap_utf7_decode_local( readShortMailboxName($mailbox, $delimiter))); if ( $shortBoxName == 'INBOX' ) { $shortBoxName = _("INBOX"); diff -ur squirrelmail-webmail-1.4.22/plugins/bug_report/bug_report.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/bug_report/bug_report.php --- squirrelmail-webmail-1.4.22/plugins/bug_report/bug_report.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/bug_report/bug_report.php 2012-07-05 18:12:36.000000000 +0900 @@ -163,7 +163,7 @@ $body_top .= "----------------------------------------------\n"; } -$body = htmlspecialchars($body_top . $body); +$body = sq_htmlspecialchars($body_top . $body); ?>
diff -ur squirrelmail-webmail-1.4.22/plugins/calendar/calendar.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/calendar/calendar.php --- squirrelmail-webmail-1.4.22/plugins/calendar/calendar.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/calendar/calendar.php 2012-07-05 18:12:36.000000000 +0900 @@ -114,11 +114,11 @@ $calbar = $calendardata[$cdate][$calfoo['key']]; // FIXME: how to display multiline task $title = '['. $calfoo['key']. '] ' . - str_replace(array("\r","\n"),array(' ',' '),htmlspecialchars($calbar['message'])); + str_replace(array("\r","\n"),array(' ',' '),sq_htmlspecialchars($calbar['message'])); // FIXME: link to nowhere echo "".htmlspecialchars($calbar['title'])."
\n"; + ."\" title=\"$title\">".sq_htmlspecialchars($calbar['title'])."
\n"; $i=$i+1; if($i==2){ break; diff -ur squirrelmail-webmail-1.4.22/plugins/calendar/day.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/calendar/day.php --- squirrelmail-webmail-1.4.22/plugins/calendar/day.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/calendar/day.php 2012-07-05 18:12:36.000000000 +0900 @@ -127,9 +127,9 @@ html_tag( 'td', date_intl(_("H:i"),mktime($ehour,$eminute,0,1,1,0)) . $elength, 'left' ) . html_tag( 'td', '', 'left' ) . '['; echo ($calbar['priority']==1) ? - "".htmlspecialchars($calbar['title']).'' : - htmlspecialchars($calbar['title']); - echo']
'.nl2br(htmlspecialchars($calbar['message'])).'
' . + "".sq_htmlspecialchars($calbar['title']).'' : + sq_htmlspecialchars($calbar['title']); + echo']
'.nl2br(sq_htmlspecialchars($calbar['message'])).'
' . html_tag( 'td', "\n" . "\n", '', $color[4], 'colspan="2"' ) ."\n" @@ -198,11 +198,11 @@ ) . html_tag( 'tr', html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" . - html_tag( 'td', htmlspecialchars($event_title) , 'left', $color[4] ) ."\n" + html_tag( 'td', sq_htmlspecialchars($event_title) , 'left', $color[4] ) ."\n" ) . html_tag( 'tr', html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" . - html_tag( 'td', nl2br(htmlspecialchars($event_text)) , 'left', $color[4] ) ."\n" + html_tag( 'td', nl2br(sq_htmlspecialchars($event_text)) , 'left', $color[4] ) ."\n" ) . html_tag( 'tr', html_tag( 'td', diff -ur squirrelmail-webmail-1.4.22/plugins/filters/options.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/filters/options.php --- squirrelmail-webmail-1.4.22/plugins/filters/options.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/filters/options.php 2012-07-05 18:12:36.000000000 +0900 @@ -203,7 +203,7 @@ html_tag( 'td', '', 'left' ) . ''. ''. @@ -265,7 +265,7 @@ printf( _("If %s contains %s then move to %s"), ''.$filters[$i]['where'].'', ''.$filters[$i]['what'].'', - ''.htmlspecialchars(imap_utf7_decode_local($fdr)).''); + ''.sq_htmlspecialchars(imap_utf7_decode_local($fdr)).''); echo ''; } diff -ur squirrelmail-webmail-1.4.22/plugins/filters/spamoptions.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/filters/spamoptions.php --- squirrelmail-webmail-1.4.22/plugins/filters/spamoptions.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/filters/spamoptions.php 2012-07-05 18:12:36.000000000 +0900 @@ -199,7 +199,7 @@ echo html_tag( 'p', '', 'center' ) . '[' . _("Edit") . ']' . ' - [' . _("Done") . ']
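Review bot: In the `@@ -265,7` hunk of plugins/filters/options.php only the folder name is HTML-encoded; `$filters[$i]['where']` and `$filters[$i]['what']` are concatenated into the same `printf()` output as they are. Whether these values are encoded when a filter is saved or loaded is not visible here; if they are not, the match string a user entered is written into the page as markup. Encoding at output would look like `sq_htmlspecialchars($filters[$i]['what'])`, and the same for `where`. The enclosing loop starts outside the hunk.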

'; - printf( _("Spam is sent to %s."), ($filters_spam_folder?''.htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)).'':'['._("not set yet").']' ) ); + printf( _("Spam is sent to %s."), ($filters_spam_folder?''.sq_htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)).'':'['._("not set yet").']' ) ); echo '
'; printf( _("Spam scan is limited to %s."), '' . ( ($filters_spam_scan == 'new')?_("Unread messages only"):_("All messages") ) . '' ); echo '

'. diff -ur squirrelmail-webmail-1.4.22/plugins/fortune/fortune_functions.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/fortune/fortune_functions.php --- squirrelmail-webmail-1.4.22/plugins/fortune/fortune_functions.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/fortune/fortune_functions.php 2012-07-05 18:12:36.000000000 +0900 @@ -30,7 +30,7 @@ if (!$exist) { $sMsg = sprintf(_("%s is not found."),$fortune_location); } else { - $sMsg = htmlspecialchars(shell_exec($fortune_location . ' -s')); + $sMsg = sq_htmlspecialchars(shell_exec($fortune_location . ' -s')); } diff -ur squirrelmail-webmail-1.4.22/plugins/info/functions.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/info/functions.php --- squirrelmail-webmail-1.4.22/plugins/info/functions.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/info/functions.php 2012-07-05 18:12:36.000000000 +0900 @@ -30,7 +30,7 @@ $sid = sqimap_session_id(); $results = array(); $query = "$sid ".trim($string)."\r\n"; - print "
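Review bot: In the fortune hunk the command is still built by plain concatenation, `shell_exec($fortune_location . ' -s')`, and the not-found branch prints `$fortune_location` through `sprintf()` without HTML encoding. Where `$fortune_location` is set is outside the hunk; unless it is guaranteed to be a fixed path from the plugin's own configuration, quote it with `escapeshellarg($fortune_location) . ' -s'` and encode it in the message with `sq_htmlspecialchars($fortune_location)`. `shell_exec()` can also return null when the command fails or prints nothing, so the wrapper has to accept a null argument.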
"; + print ""; fputs ($imap_stream, $query); $response = sqimap_read_data_list($imap_stream, $sid, false, $responses, $message); array_push($response, $message); @@ -43,7 +43,7 @@ print_response($value); } else { - print htmlspecialchars($value)."
\n"; + print sq_htmlspecialchars($value)."
\n"; } } } diff -ur squirrelmail-webmail-1.4.22/plugins/info/options.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/info/options.php --- squirrelmail-webmail-1.4.22/plugins/info/options.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/info/options.php 2012-07-05 18:12:36.000000000 +0900 @@ -75,7 +75,7 @@ print "
'; diff -ur squirrelmail-webmail-1.4.22/functions/mime.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/mime.php --- squirrelmail-webmail-1.4.22/functions/mime.php 2011-07-12 13:53:35.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/mime.php 2012-07-05 18:12:36.000000000 +0900 @@ -43,7 +43,7 @@ '
'; $errormessage = _("SquirrelMail could not decode the bodystructure of the message"); $errormessage .= '
'._("The bodystructure provided by your IMAP server:").'

'; - $errormessage .= '
' . htmlspecialchars($read) . '
'; + $errormessage .= '
' . sq_htmlspecialchars($read) . '
'; plain_error_message( $errormessage, $color ); echo ''; exit; @@ -540,7 +540,7 @@ ''.decodeHeader($display_filename).' 
' . show_readable_size($header->size) . '  [ '.htmlspecialchars($type0).'/'.htmlspecialchars($type1).' ] [ '.sq_htmlspecialchars($type0).'/'.htmlspecialchars($type1).' ] '; $attachments .= '' . $description . ''; $attachments .= ' '; @@ -671,7 +671,7 @@ $iLastMatch = $i; $j = $i; if ($htmlsave) { - $ret .= htmlspecialchars($res[1]); + $ret .= sq_htmlspecialchars($res[1]); } else { $ret .= $res[1]; } @@ -696,7 +696,7 @@ $replace = charset_decode($res[2],$replace); } elseif ($htmlsave) { // string is not converted, but still sanitized - $replace = htmlspecialchars($replace); + $replace = sq_htmlspecialchars($replace); } $ret.= $replace; break; @@ -712,7 +712,7 @@ $replace = charset_decode($res[2], $replace); } elseif ($htmlsave) { // string is not converted, but still sanizited - $replace = htmlspecialchars($replace); + $replace = sq_htmlspecialchars($replace); } $ret .= $replace; break; @@ -731,7 +731,7 @@ } if (!$encoded && $htmlsave) { - $ret .= htmlspecialchars($chunk); + $ret .= sq_htmlspecialchars($chunk); } else { $ret .= $chunk; } diff -ur squirrelmail-webmail-1.4.22/functions/options.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/options.php --- squirrelmail-webmail-1.4.22/functions/options.php 2011-07-12 13:36:01.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/functions/options.php 2012-07-05 18:12:36.000000000 +0900 @@ -305,7 +305,7 @@ } function createWidget_Info() { - $result = htmlspecialchars($this->value) . "\n"; + $result = sq_htmlspecialchars($this->value) . "\n"; return $result; } @@ -341,9 +341,9 @@ $result = "name\" value=\"" - . htmlspecialchars($this->value) + . sq_htmlspecialchars($this->value) . "\" size=\"$width\" $this->script /> " - . htmlspecialchars($this->trailing_text) . "\n"; + . sq_htmlspecialchars($this->trailing_text) . "\n"; return $result; } 
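Review bot: In the attachment type line of the `@@ -540,7` hunk only `$type0` is moved to the wrapper; `$type1` is still passed to plain `htmlspecialchars()` on what appears to be the new side (the +/- markers were lost in this rendering). If the wrapper exists because the built-in returns an empty string for input that is invalid in its default charset, which the patch name suggests but the page does not state, the subtype can still come out blank. Use the same encoder for both halves: `sq_htmlspecialchars($type0).'/'.sq_htmlspecialchars($type1)`.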
@@ -384,14 +384,14 @@ foreach ($this->possible_values as $real_value => $disp_value) { $result .= "\n" . 'value ? ' checked="checked"' : '') . ' /> '; if ($this->size != SMOPT_SIZE_TINY) $result .= '
'; @@ -437,7 +437,7 @@ foreach ($this->possible_values as $real_value => $disp_value) { /* Start the next new option string. */ $new_option = '\n"; + $new_option .= '>' . ($this->htmlencoded ? $disp_value : sq_htmlspecialchars($disp_value)) . "\n"; /* And add the new option string to our select tag. */ $result .= $new_option; } /* Close the select tag and return our happy result. */ - $result .= '' . htmlspecialchars($this->trailing_text) . "\n"; + $result .= '' . sq_htmlspecialchars($this->trailing_text) . "\n"; return $result; } @@ -520,7 +520,7 @@ } else { /* Start the next new option string. */ - $new_option = '\n"; } /* And add the new option string to our select tag. */ $result .= $new_option; } /* Close the select tag and return our happy result. */ - $result .= '' . htmlspecialchars($this->trailing_text) . "\n"; + $result .= '' . sq_htmlspecialchars($this->trailing_text) . "\n"; return $result; } @@ -560,7 +560,7 @@ } $result = "\n"; + . sq_htmlspecialchars($this->value) . "\n"; return ($result); } @@ -628,7 +628,7 @@ . '" id="new_' . $this->name . '" value="' . SMPREF_YES . "\" $yes_chk " . $this->script . ' /> ' . ''; + . sq_htmlspecialchars($this->trailing_text) . ''; } // radio buttons... @@ -639,13 +639,13 @@ $yes_option = 'script /> " - . ''; + . ''; /* Build the no choice. */ $no_option = 'script /> " - . ''; + . ''; /* Build the combined "boolean widget". */ $result = "$yes_option    $no_option"; @@ -657,7 +657,7 @@ function createWidget_Hidden() { $result = 'script . ' />'; return ($result); } @@ -733,7 +733,7 @@ // Start the next new option string. // - $result .= '\n"; } @@ -783,8 +783,8 @@ else $bgcolor = 4; $result .= '
".htmlspecialchars($query)."
".sq_htmlspecialchars($query)."
Server Capability response:
\n"; foreach($caps_array[0] as $value) { - print htmlspecialchars($value); + print sq_htmlspecialchars($value); } print "
\n"; @@ -94,8 +94,8 @@ } } else { - print 'folder_prefix = ' . htmlspecialchars($folder_prefix) . "
\n". - 'default_charset = ' . htmlspecialchars($default_charset) . "\n"; + print 'folder_prefix = ' . sq_htmlspecialchars($folder_prefix) . "
\n". + 'default_charset = ' . sq_htmlspecialchars($default_charset) . "\n"; } print "

\n"; diff -ur squirrelmail-webmail-1.4.22/plugins/listcommands/mailout.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/listcommands/mailout.php --- squirrelmail-webmail-1.4.22/plugins/listcommands/mailout.php 2011-02-01 22:06:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/listcommands/mailout.php 2012-07-05 18:12:36.000000000 +0900 @@ -39,7 +39,7 @@ $out_string = _("This will send a message to %s requesting that you will be unsubscribed from this list. It will try to unsubscribe the adress below."); break; default: - error_box(sprintf(_("Unknown action: %s"),htmlspecialchars($action)), $color); + error_box(sprintf(_("Unknown action: %s"),sq_htmlspecialchars($action)), $color); exit; } @@ -52,7 +52,7 @@ html_tag( 'td', '', 'left' ); -printf( $out_string, htmlspecialchars($send_to) ); +printf( $out_string, sq_htmlspecialchars($send_to) ); echo ''. ''; @@ -65,20 +65,20 @@ echo '' . "\n" ; } else { - echo htmlspecialchars('"'.$idents[0]['full_name'].'" <'.$idents[0]['email_address'].'>'); + echo sq_htmlspecialchars('"'.$idents[0]['full_name'].'" <'.$idents[0]['email_address'].'>'); } echo '

' -. '' -. '' -. '' -. '' +. '' +. '' +. '' +. '' . '

' . ''; diff -ur squirrelmail-webmail-1.4.22/plugins/mail_fetch/fetch.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/mail_fetch/fetch.php --- squirrelmail-webmail-1.4.22/plugins/mail_fetch/fetch.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/mail_fetch/fetch.php 2012-07-05 18:12:36.000000000 +0900 @@ -34,7 +34,7 @@ function Mail_Fetch_Status($msg) { echo html_tag( 'table', html_tag( 'tr', - html_tag( 'td', htmlspecialchars( $msg ) , 'left' ) + html_tag( 'td', sq_htmlspecialchars( $msg ) , 'left' ) ), '', '', 'width="90%"' ); flush(); @@ -82,7 +82,7 @@ '' . "\n"; } echo '' . @@ -94,7 +94,7 @@ if ($mailfetch_pass_[$i]=='') { echo html_tag( 'tr', html_tag( 'td', _("Password for") . ' ' . - htmlspecialchars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . + sq_htmlspecialchars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . ':     ', 'right' ) . html_tag( 'td', '', 'left' ) @@ -137,7 +137,7 @@ html_tag( 'table', html_tag( 'tr', html_tag( 'td', '' . _("Fetching from ") . - htmlspecialchars((($mailfetch_alias_[$i_loop] == '')?$mailfetch_server:$mailfetch_alias_[$i_loop])) . + sq_htmlspecialchars((($mailfetch_alias_[$i_loop] == '')?$mailfetch_server:$mailfetch_alias_[$i_loop])) . '', 'center' ) , '', $color[9] ) , @@ -227,7 +227,7 @@ } $Count = $pop3->login($mailfetch_user, $mailfetch_pass); if (($Count == false || $Count == -1) && $pop3->ERROR != '') { - Mail_Fetch_Status(_("Login Failed:") . ' ' . htmlspecialchars($pop3->ERROR) ); + Mail_Fetch_Status(_("Login Failed:") . ' ' . sq_htmlspecialchars($pop3->ERROR) ); Mail_Fetch_Status(_("Saving UIDL")); setPref($data_dir,$username,"mailfetch_uidl_$i_loop", $mailfetch_uidl[$i-1]); 
@@ -266,7 +266,7 @@ if( $pop3->delete($i) ) { Mail_Fetch_Status(sprintf(_("Message %d deleted from remote server!"), $i)); } else { - Mail_Fetch_Status(_("Delete failed:") . htmlspecialchars($pop3->ERROR) ); + Mail_Fetch_Status(_("Delete failed:") . sq_htmlspecialchars($pop3->ERROR) ); } } } else { diff -ur squirrelmail-webmail-1.4.22/plugins/mail_fetch/options.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/mail_fetch/options.php --- squirrelmail-webmail-1.4.22/plugins/mail_fetch/options.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/mail_fetch/options.php 2012-07-05 18:12:36.000000000 +0900 @@ -316,7 +316,7 @@ echo '' . _("Server Name:") . ' '. '  '. @@ -342,7 +342,7 @@ html_tag( 'td', "" . '' . - '
' . _("Selected Server:") . " " . htmlspecialchars($mailfetch_server_[$mf_sn]) . "
" . + '
' . _("Selected Server:") . " " . sq_htmlspecialchars($mailfetch_server_[$mf_sn]) . "
" . _("Confirm delete of selected server?") . '

' . '' . '
' , @@ -369,23 +369,23 @@ html_tag( 'table' ) . html_tag( 'tr', html_tag( 'th', _("Server:"), 'right' ) . - html_tag( 'td', '', 'left' ) + html_tag( 'td', '', 'left' ) ) . html_tag( 'tr', html_tag( 'th', _("Port:"), 'right' ) . - html_tag( 'td', '', 'left' ) + html_tag( 'td', '', 'left' ) ) . html_tag( 'tr', html_tag( 'th', _("Alias:"), 'right' ) . - html_tag( 'td', '', 'left' ) + html_tag( 'td', '', 'left' ) ) . html_tag( 'tr', html_tag( 'th', _("Username:"), 'right' ) . - html_tag( 'td', '', 'left' ) + html_tag( 'td', '', 'left' ) ) . html_tag( 'tr', html_tag( 'th', _("Password:"), 'right' ) . - html_tag( 'td', '', 'left' ) + html_tag( 'td', '', 'left' ) ) . html_tag( 'tr' ) . html_tag( 'th', _("Store in Folder:"), 'right' ) . diff -ur squirrelmail-webmail-1.4.22/plugins/message_details/message_details_bottom.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/message_details/message_details_bottom.php --- squirrelmail-webmail-1.4.22/plugins/message_details/message_details_bottom.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/message_details/message_details_bottom.php 2012-07-05 18:12:36.000000000 +0900 @@ -215,7 +215,7 @@ $entities["$entStr"]['contenttype']=$reg[2].'/'.$reg[3]; } } else if (!$nameset && preg_match("/^.*(name=\s*)\"(.*)\".*/i",$line,$reg)) { - $name = htmlspecialchars($reg[2]); + $name = sq_htmlspecialchars($reg[2]); $content[$content_indx]['name'] = decodeHeader($name); $nameset = true; if (isset($entities["$entStr"])) { @@ -246,7 +246,7 @@ } } */ - $line = htmlspecialchars($line); + $line = sq_htmlspecialchars($line); $message_body .= "$pre"."$line"."$end".'
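Review bot: The attachment name in the `@@ -215,7` hunk is HTML-encoded before it is decoded: `$name = sq_htmlspecialchars($reg[2]);` is followed by `decodeHeader($name)`. The functions/mime.php hunks of this patch show decoding code that applies the encoder itself when `$htmlsave` is set; if that code is `decodeHeader()` and the flag is on by default for this call, `&` and quotes in a file name are encoded twice, and text produced from encoded words is covered only by what the decoder does. Encoding belongs after decoding; under that assumption `$content[$content_indx]['name'] = decodeHeader($reg[2]);` would be enough. The enclosing loop starts and ends outside the hunk.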
'."\r\n"; } diff -ur squirrelmail-webmail-1.4.22/plugins/newmail/newmail_opt.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/newmail/newmail_opt.php --- squirrelmail-webmail-1.4.22/plugins/newmail/newmail_opt.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/newmail/newmail_opt.php 2012-07-05 18:12:36.000000000 +0900 @@ -159,8 +159,8 @@ if ($fname == $media) { echo 'selected="selected" '; } - echo 'value="' . htmlspecialchars($fname) . '">' . - htmlspecialchars($entry) . "\n"; + echo 'value="' . sq_htmlspecialchars($fname) . '">' . + sq_htmlspecialchars($entry) . "\n"; } } $d->close(); @@ -174,8 +174,8 @@ html_tag( 'tr', "\n" . html_tag( 'td', _("Current File:"), 'right', '', 'nowrap' ) . html_tag( 'td', '' . - htmlspecialchars($media_output) . '', 'left' ) + sq_htmlspecialchars($media) . '" name="media_default">' . + sq_htmlspecialchars($media_output) . '', 'left' ) ) . "\n"; } echo html_tag( 'tr', "\n" . diff -ur squirrelmail-webmail-1.4.22/plugins/newmail/setup.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/newmail/setup.php --- squirrelmail-webmail-1.4.22/plugins/newmail/setup.php 2011-07-12 12:19:15.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/newmail/setup.php 2012-07-05 18:12:36.000000000 +0900 @@ -242,7 +242,7 @@ if ($totalNew > 0 && $newmail_enable == 'on' && $newmail_media != '' && $newmail_media != '(none)') { $newmail_media=sqm_baseuri().'plugins/newmail/sounds/'.basename($newmail_media); - echo '\n"; } if ($totalNew > 0 && $newmail_popup == 'on') { diff -ur squirrelmail-webmail-1.4.22/plugins/newmail/testsound.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/newmail/testsound.php --- squirrelmail-webmail-1.4.22/plugins/newmail/testsound.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/newmail/testsound.php 2012-07-05 18:12:36.000000000 +0900 
@@ -34,7 +34,7 @@ echo html_tag( 'table', html_tag( 'tr', html_tag( 'td', - ''. + ''. '
'. '' . _("Loading the sound...") . '
'. '
'. diff -ur squirrelmail-webmail-1.4.22/plugins/spamcop/options.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/spamcop/options.php --- squirrelmail-webmail-1.4.22/plugins/spamcop/options.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/spamcop/options.php 2012-07-05 18:12:36.000000000 +0900 @@ -130,7 +130,7 @@ '(' . _("see below") . ')','right','','valign="top"'); ?> - + \n"; diff -ur squirrelmail-webmail-1.4.22/plugins/spamcop/spamcop.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/spamcop/spamcop.php --- squirrelmail-webmail-1.4.22/plugins/spamcop/spamcop.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/spamcop/spamcop.php 2012-07-05 18:12:36.000000000 +0900 @@ -130,8 +130,8 @@ echo '\n"; } else { ?> - - + + \n"; } @@ -147,9 +147,9 @@ $form_action = sqm_baseuri() . 'src/compose.php'; ?> - - - + + + @@ -171,7 +171,7 @@ } ?> - + "; } diff -ur squirrelmail-webmail-1.4.22/plugins/translate/setup.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/translate/setup.php --- squirrelmail-webmail-1.4.22/plugins/translate/setup.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/plugins/translate/setup.php 2012-07-05 18:12:36.000000000 +0900 @@ -226,7 +226,7 @@ } if (! is_null($charset)) - echo ' accept-charset="'.htmlspecialchars($charset).'"'; + echo ' accept-charset="'.sq_htmlspecialchars($charset).'"'; echo ">\n"; 
@@ -251,7 +251,7 @@ - +  ' . _("To") . ' ' . + sq_htmlspecialchars($email) . '" /> ' . _("To") . ' ' . ' ' . _("Cc") . ' ' . + sq_htmlspecialchars($email) . '" /> ' . _("Cc") . ' ' . ' ' . _("Bcc") . ' ' , + sq_htmlspecialchars($email) . '" /> ' . _("Bcc") . ' ' , 'center', '', 'width="5%" nowrap' ) . - html_tag( 'td', ' ' . htmlspecialchars($row['lastname']) . ' ' . htmlspecialchars($row['firstname']) . ' ', 'left', '', 'nowrap' ) . - html_tag( 'td', ' ' . htmlspecialchars($row['email']) . ' ', 'left', '', 'nowrap' ) . - html_tag( 'td', ' ' . htmlspecialchars($row['label']) . ' ', 'left', '', 'nowrap' ); + html_tag( 'td', ' ' . sq_htmlspecialchars($row['lastname']) . ' ' . htmlspecialchars($row['firstname']) . ' ', 'left', '', 'nowrap' ) . + html_tag( 'td', ' ' . sq_htmlspecialchars($row['email']) . ' ', 'left', '', 'nowrap' ) . + html_tag( 'td', ' ' . sq_htmlspecialchars($row['label']) . ' ', 'left', '', 'nowrap' ); } else { echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) . html_tag( 'td', 
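Review bot: The first-name value is left on plain `htmlspecialchars()`: in the row that prints `$row['lastname']` and `$row['firstname']`, only the last name goes through the wrapper. The two fields of one table cell then pass through different encoders, so whatever charset problem the wrapper handles remains for first names. Change the expression to `sq_htmlspecialchars($row['lastname']) . ' ' . sq_htmlspecialchars($row['firstname'])`. The file and hunk headers for this part were lost in this rendering, so the position in the file cannot be given.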
@@ -155,9 +155,9 @@ addCheckBox('send_to_search[B'.$line.']', FALSE, $email). ' ' . _("Bcc") . ' ' , 'center', '', 'width="5%" nowrap' ) . - html_tag( 'td', ' ' . htmlspecialchars($row['name']) . ' ', 'left', '', 'nowrap' ) . - html_tag( 'td', ' ' . htmlspecialchars($row['email']) . ' ', 'left', '', 'nowrap' ) . - html_tag( 'td', ' ' . htmlspecialchars($row['label']) . ' ', 'left', '', 'nowrap' ); + html_tag( 'td', ' ' . sq_htmlspecialchars($row['name']) . ' ', 'left', '', 'nowrap' ) . + html_tag( 'td', ' ' . sq_htmlspecialchars($row['email']) . ' ', 'left', '', 'nowrap' ) . + html_tag( 'td', ' ' . sq_htmlspecialchars($row['label']) . ' ', 'left', '', 'nowrap' ); } if ($includesource) { diff -ur squirrelmail-webmail-1.4.22/src/addressbook.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/addressbook.php --- squirrelmail-webmail-1.4.22/src/addressbook.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/addressbook.php 2012-07-05 18:12:36.000000000 +0900 @@ -345,7 +345,7 @@ html_tag( 'tr', html_tag( 'td', "\n". '' . _("ERROR") . ': ' . htmlspecialchars($abook->error) . '' ."\n", + '">' . _("ERROR") . ': ' . sq_htmlspecialchars($abook->error) . '' ."\n", 'center' ) ), 'center', '', 'width="100%"' ); @@ -400,7 +400,7 @@ html_tag( 'tr', html_tag( 'td', "\n". '
' . _("ERROR") . ': ' . htmlspecialchars($formerror) . '' ."\n", + '">' . _("ERROR") . ': ' . sq_htmlspecialchars($formerror) . '' ."\n", 'center' ) ), 'center', '', 'width="100%"' ); @@ -412,7 +412,7 @@ /* Get and sort address list */ $alist = $abook->list_addr(); if(!is_array($alist)) { - $abook->error = htmlspecialchars($abook->error); + $abook->error = sq_htmlspecialchars($abook->error); plain_error_message($abook->error, $color); exit; } @@ -522,8 +522,8 @@ ' ' , 'center', '', 'valign="top" width="1%"' ); } - echo html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . - html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . + echo html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . + html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . html_tag( 'td', '', 'left', '', 'valign="top" width="10%" nowrap' ) . ' '; } else { echo html_tag( 'tr', '', '', $tr_bgcolor); 
@@ -538,16 +538,16 @@ ' ' , 'center', '', 'valign="top" width="1%"' ); } - echo html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . - html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . + echo html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . + html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . html_tag( 'td', '', 'left', '', 'valign="top" width="10%" nowrap' ) . ' '; } $email = $abook->full_address($row); echo addHidden($row['backend'] . ':' . $row['nickname'], rawurlencode($email)) . makeComposeLink('src/compose.php?send_to='.rawurlencode($email), - htmlspecialchars($row['email'])). + sq_htmlspecialchars($row['email'])). ' '."\n". - html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%"' ); + html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%"' ); // add extra column if third party backend needs it if ($abook->add_extra_field) { diff -ur squirrelmail-webmail-1.4.22/src/compose.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/compose.php --- squirrelmail-webmail-1.4.22/src/compose.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/compose.php 2012-07-05 18:12:36.000000000 +0900 @@ -1158,7 +1158,7 @@ if (isset($identity) && $identity == $nr) { echo ' selected="selected"'; } - echo '>' . htmlspecialchars( + echo '>' . sq_htmlspecialchars( $data['full_name'] . ' <' . $data['email_address'] . '>') . "\n"; 
@@ -1225,10 +1225,10 @@ } else { echo "\n\n".($prefix_sig==true? "-- \n":'').decodeHeader($signature,false,false,true); } - echo "\n\n".htmlspecialchars(decodeHeader($body,false,false,true)); + echo "\n\n".sq_htmlspecialchars(decodeHeader($body,false,false,true)); } else { - echo "\n\n".htmlspecialchars(decodeHeader($body,false,false,true)); + echo "\n\n".sq_htmlspecialchars(decodeHeader($body,false,false,true)); if ($default_charset == 'iso-2022-jp') { echo "\n\n".($prefix_sig==true? "-- \n":'').mb_convert_encoding($signature, 'EUC-JP'); }else{ @@ -1236,7 +1236,7 @@ } } } else { - echo htmlspecialchars(decodeHeader($body,false,false,true)); + echo sq_htmlspecialchars(decodeHeader($body,false,false,true)); } echo '
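Review bot: In the `@@ -1225,10 +1225,10 @@` hunk of src/compose.php the signature is written next to the escaped body without any HTML escaping of its own. The `iso-2022-jp` branch that follows the body prints `mb_convert_encoding($signature, 'EUC-JP')` as is, and the branch before the body relies on `decodeHeader($signature,false,false,true)`, whose escaping behaviour with these arguments is not visible here. Unless `$signature` is escaped before this point, markup in a stored signature reaches the page in the same output context where `$body` is escaped. Consider `sq_htmlspecialchars(mb_convert_encoding($signature, 'EUC-JP'))` on that branch, after confirming that the wrapper (defined outside this chunk) handles EUC-JP text. The enclosing function starts and ends outside the hunk.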
' . "\n" . ' ' . "\n" . @@ -1684,7 +1684,7 @@ return $succes; } else { $msg = '
'.sprintf(_("Error: Draft folder %s does not exist."), - htmlspecialchars($draft_folder)); + sq_htmlspecialchars($draft_folder)); plain_error_message($msg, $color); return false; } diff -ur squirrelmail-webmail-1.4.22/src/folders_rename_getname.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/folders_rename_getname.php --- squirrelmail-webmail-1.4.22/src/folders_rename_getname.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/folders_rename_getname.php 2012-07-05 18:12:36.000000000 +0900 @@ -64,7 +64,7 @@ if (strpos($displayable_old, $delimiter)) { $old_name = substr($displayable_old, strrpos($displayable_old, $delimiter)+1); - $parent = htmlspecialchars(substr($displayable_old, + $parent = sq_htmlspecialchars(substr($displayable_old, 0, strrpos($displayable_old, $delimiter)) . ' ' . $delimiter); diff -ur squirrelmail-webmail-1.4.22/src/options_highlight.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/options_highlight.php --- squirrelmail-webmail-1.4.22/src/options_highlight.php 2011-05-16 07:02:24.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/options_highlight.php 2012-07-05 18:12:36.000000000 +0900 
@@ -179,11 +179,11 @@ $links, 'left', $color[4], 'width="20%" nowrap' ) . html_tag( 'td', - htmlspecialchars($message_highlight_list[$i]['name']) , + sq_htmlspecialchars($message_highlight_list[$i]['name']) , 'left' ) . html_tag( 'td', $match_type . ' = ' . - htmlspecialchars($message_highlight_list[$i]['value']) , + sq_htmlspecialchars($message_highlight_list[$i]['value']) , 'left' ) , '', '#' . $message_highlight_list[$i]['color'] ) . "\n"; } diff -ur squirrelmail-webmail-1.4.22/src/options_identities.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/options_identities.php --- squirrelmail-webmail-1.4.22/src/options_identities.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/options_identities.php 2012-07-05 18:12:36.000000000 +0900 @@ -174,7 +174,7 @@ $str = ''; $str .= '\n"; $str .= ' ' . $title . ' ' . "\n"; - $str .= ' ' . "\n"; + $str .= ' ' . "\n"; $str .= ''; return $str; @@ -185,7 +185,7 @@ $str = ''; $str .= '\n"; $str .= ' ' . $title . ' ' . "\n"; - $str .= ' ' . "\n"; + $str .= ' ' . "\n"; $str .= ''; return $str; diff -ur squirrelmail-webmail-1.4.22/src/printer_friendly_bottom.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/printer_friendly_bottom.php --- squirrelmail-webmail-1.4.22/src/printer_friendly_bottom.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/printer_friendly_bottom.php 2012-07-05 18:12:36.000000000 +0900 @@ -131,7 +131,7 @@ ) . "\n" . html_tag( 'tr', html_tag( 'td', _("Date").': ', 'left' ) . - html_tag( 'td', htmlspecialchars($date), 'left' ) + html_tag( 'td', sq_htmlspecialchars($date), 'left' ) ) . "\n" . html_tag( 'tr', html_tag( 'td', _("To").': ', 'left','','valign="top"' ) . 
@@ -280,7 +280,7 @@ html_tag( 'td',show_readable_size($header->size), 'left') . '' . html_tag( 'td',_("Type:"), 'right') . - html_tag( 'td',htmlspecialchars($type0).'/'.htmlspecialchars($type1), 'left') . + html_tag( 'td',sq_htmlspecialchars($type0).'/'.htmlspecialchars($type1), 'left') . ''; if (! empty($description)) { $attachments .= $description; diff -ur squirrelmail-webmail-1.4.22/src/read_body.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/read_body.php --- squirrelmail-webmail-1.4.22/src/read_body.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/read_body.php 2012-07-05 18:12:36.000000000 +0900 @@ -458,7 +458,7 @@ $env[_("Cc")] = formatRecipientString($header->cc, "cc"); $env[_("Bcc")] = formatRecipientString($header->bcc, "bcc"); if ($default_use_priority) { - $env[_("Priority")] = htmlspecialchars(getPriorityStr($header->priority)); + $env[_("Priority")] = sq_htmlspecialchars(getPriorityStr($header->priority)); } if ($show_xmailer_default) { $env[_("Mailer")] = decodeHeader($header->xmailer); diff -ur squirrelmail-webmail-1.4.22/src/right_main.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/right_main.php --- squirrelmail-webmail-1.4.22/src/right_main.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/right_main.php 2012-07-05 18:12:36.000000000 +0900 @@ -174,7 +174,7 @@ do_hook('right_main_after_header'); if (isset($note)) { - echo html_tag( 'div', '' . htmlspecialchars($note) .'', 'center' ) . "
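Review bot: The second call on the changed line of the `@@ -280,7 +280,7 @@` hunk in src/printer_friendly_bottom.php is still the native function: `sq_htmlspecialchars($type0).'/'.htmlspecialchars($type1)`. Every other call this patch touches goes through the wrapper, so the MIME subtype is the one value left on the interpreter's default charset handling. On PHP 5.4 and later, native `htmlspecialchars()` assumes UTF-8 and returns an empty string for input that is not valid in it, so the subtype can silently disappear from the attachment row. The line should read `html_tag( 'td',sq_htmlspecialchars($type0).'/'.sq_htmlspecialchars($type1), 'left') .`. The wrapper's definition is not in this part of the patch, so its charset and quote flags are assumed to match what the other call sites need, and the enclosing function starts and ends outside the hunk.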
\n"; + echo html_tag( 'div', '' . sq_htmlspecialchars($note) .'', 'center' ) . "
\n"; } if ( sqgetGlobalVar('just_logged_in', $just_logged_in, SQ_SESSION) ) { diff -ur squirrelmail-webmail-1.4.22/src/search.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/search.php --- squirrelmail-webmail-1.4.22/src/search.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/search.php 2012-07-05 18:12:36.000000000 +0900 @@ -238,7 +238,7 @@ $showbox = imap_utf7_decode_local($mailbox); } echo html_tag( 'div', '' . _("Folder:") . ' '. - htmlspecialchars($showbox) .'','center') . "\n"; + sq_htmlspecialchars($showbox) .'','center') . "\n"; $msg_cnt_str = get_msgcnt_str(1, $cnt, $cnt); $toggle_all = get_selectall_link(1, $sort); @@ -246,7 +246,7 @@ $safe_name = preg_replace("/[^0-9A-Za-z_]/", '_', $mailbox); $form_name = "FormMsgs" . $safe_name; echo '' ."\n" . - '' . "\n" . + '' . "\n" . '' . "\n" . addHidden('smtoken', sm_generate_security_token()) . "\n"; @@ -371,9 +371,9 @@ } else { echo html_tag( 'tr', '', '', $color[4] ); } - echo html_tag( 'td', htmlspecialchars(imap_utf7_decode_local($saved_attributes['saved_folder'][$i + 1])), 'left', '', 'width="35%"' ) - . html_tag( 'td', htmlspecialchars($saved_attributes['saved_what'][$i + 1]), 'left' ) - . html_tag( 'td', htmlspecialchars($saved_attributes['saved_where'][$i + 1]), 'center' ) + echo html_tag( 'td', sq_htmlspecialchars(imap_utf7_decode_local($saved_attributes['saved_folder'][$i + 1])), 'left', '', 'width="35%"' ) + . html_tag( 'td', sq_htmlspecialchars($saved_attributes['saved_what'][$i + 1]), 'left' ) + . html_tag( 'td', sq_htmlspecialchars($saved_attributes['saved_where'][$i + 1]), 'center' ) . html_tag( 'td', '', 'right' ) . '' . _("save") diff -ur squirrelmail-webmail-1.4.22/src/vcard.php squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/vcard.php --- squirrelmail-webmail-1.4.22/src/vcard.php 2011-01-06 11:44:03.000000000 +0900 +++ squirrelmail-webmail-1.4.22-PHP54jaJP_20120705taka2/src/vcard.php 2012-07-05 18:12:36.000000000 +0900 
@@ -97,14 +97,14 @@ } else { echo '' . sprintf(_("vCard Version %s is not supported. Some information might not be converted correctly."), - htmlspecialchars($vcard_nice['version'])) . + sq_htmlspecialchars($vcard_nice['version'])) . "\n"; $vcard_nice['firstname'] = ''; $vcard_nice['lastname'] = ''; } foreach ($vcard_nice as $k => $v) { - $v = htmlspecialchars($v); + $v = sq_htmlspecialchars($v); $v = trim($v); $vcard_safe[$k] = trim(nl2br($v)); } @@ -166,44 +166,44 @@ ''; @@ -212,7 +212,7 @@ ' . + sq_htmlspecialchars(!empty($vcard_nice['email;internet'])?$vcard_nice['email;internet']:'') . '" />' . '' . '