27 Mar
2013
27 Mar
'13
8:14 a.m.
On 03/27/2013 08:42 AM, Thomas Bruederli wrote:
I tracked it down to htmlspecialchars() in html::quote() used to quote the value attribute of the subject input field that returns an empty string if invalid characters are in the input.
Confirmed, and this is not PHP 5.4 only.
The best (but very expensive) solution is to run every string through a charset validation function (whatever that might be) in order to verify that it doesn't contain invalid chars. Or maybe we can just do more sanity checks only for messages that do not specify charset information.
We can also:
- Use ENT_SUBSTITUTE when PHP 5.4 is detected.
- Use rcube_charset::clean() on headers input. This shouldn't be very
expensive.
--
Aleksander 'A.L.E.C' Machniak
LAN Management System Developer [http://lms.org.pl]
Roundcube Webmail Developer [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl