freebsd-ports/mail/squirrelmail/files/patch-functions_strings.php
Steve Wills d3e3022b8e mail/squirrelmail: Update to 20170705
While here, give maintainership to submitter

PR:		219801
Submitted by:	Zsolt Udvari <uzsolt@uzsolt.hu>
MFH:		2017Q3
Security:	e1de77e8-c45e-48d7-8866-5a6f943046de
2017-08-22 17:25:09 +00:00


--- functions/strings.php.orig 2017-01-27 20:31:33 UTC
+++ functions/strings.php
@@ -1489,7 +1489,13 @@ function sm_validate_security_token($tok
* (See http://php.net/manual/function.htmlspecialchars.php )
* (OPTIONAL; default ENT_COMPAT, ENT_COMPAT | ENT_SUBSTITUTE for PHP >=5.4)
* @param string $encoding The character encoding to use in the conversion
- * (OPTIONAL; default automatic detection)
+ * (if not one of the character sets supported
+ * by PHP's htmlspecialchars(), then $encoding
+ * will be ignored and iso-8859-1 will be used,
+ * unless a default has been specified in
+ * $default_htmlspecialchars_encoding in
+ * config_local.php) (OPTIONAL; default automatic
+ * detection)
* @param boolean $double_encode Whether or not to convert entities that are
* already in the string (only supported in
* PHP 5.2.3+) (OPTIONAL; default TRUE)
@@ -1500,6 +1506,31 @@ function sm_validate_security_token($tok
function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
$encoding=NULL, $double_encode=TRUE)
{
+
+ // charsets supported by PHP's htmlspecialchars
+ // (move this elsewhere if needed)
+ //
+ static $htmlspecialchars_charsets = array(
+ 'iso-8859-1', 'iso8859-1',
+ 'iso-8859-5', 'iso8859-5',
+ 'iso-8859-15', 'iso8859-15',
+ 'utf-8',
+ 'cp866', 'ibm866', '866',
+ 'cp1251', 'windows-1251', 'win-1251', '1251',
+ 'cp1252', 'windows-1252', '1252',
+ 'koi8-R', 'koi8-ru', 'koi8r',
+ 'big5', '950',
+ 'gb2312', '936',
+ 'big5-hkscs',
+ 'shift_jis', 'sjis', 'sjis-win', 'cp932', '932',
+ 'euc-jp', 'eucjp', 'eucjp-win',
+ 'macroman',
+ );
+
+
+ // if not given, set encoding to the charset being
+ // used by the current user interface language
+ //
if (!$encoding)
{
global $default_charset;
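Review bot: The entry `'koi8-R'` in `$htmlspecialchars_charsets` contains an uppercase letter, but the lookup added further down in this patch tests `strtolower($encoding)`, so the canonical name `koi8-r` never matches and falls through to the configured default or `iso-8859-1`; the entry should be spelled `'koi8-r'`. The list also holds numeric strings such as `'950'`, `'936'` and `'866'`, which a loose `in_array()` compares numerically against another numeric string. Passing `true` as the third argument, `in_array(strtolower($encoding), $htmlspecialchars_charsets, true)`, keeps the match to exact names. The body of sm_encode_html_special_chars continues outside this hunk.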
@@ -1508,6 +1539,21 @@ function sm_encode_html_special_chars($s
$encoding = $default_charset;
}
+
+ // make sure htmlspecialchars() supports the needed encoding
+ //
+ if (!in_array(strtolower($encoding), $htmlspecialchars_charsets))
+ {
+ // use default from configuration if provided or hard-coded fallback
+ //
+ global $default_htmlspecialchars_encoding;
+ if (!empty($default_htmlspecialchars_encoding))
+ $encoding = $default_htmlspecialchars_encoding;
+ else
+ $encoding = 'iso-8859-1';
+ }
+
+
if (check_php_version(5, 2, 3)) {
// Replace invalid characters with a symbol instead of returning
// empty string for the entire to be encoded string.