--- openwebmail-read.pl.orig Sun May 1 20:00:00 2005
+++ openwebmail-read.pl Thu Sep 28 16:36:55 2006
@@ -755,7 +755,8 @@
$temphtml .= "
\n";
my ($ename, $eaddr)=ow::tool::email2nameaddr($message{from});
- $temphtml .= qq|$lang_text{'from'}: $from \n|;
+ my $jseaddr = $eaddr; $jseaddr=~ s/'/\\'/g; # escape ' with \'
+ $temphtml .= qq|$lang_text{'from'}: $from \n|;
if ($printfriendly ne "yes") {
if ($config{'enable_addressbook'}) {
my $is_writableabook_found=0;
@@ -774,13 +775,13 @@
if ($is_writableabook_found) {
my $fullname=(iconv($message{charset}, $prefs{charset}, $ename))[0];
my ($firstname, $lastname) = split(/\s+/, $fullname, 2);
- $temphtml .= qq| |. iconlink("import.s.gif", "$lang_text{'importadd'} $eaddr", qq|href="$config{'ow_cgiurl'}/openwebmail-abook.pl?action=addreditform&sessionid=$thissession&sort=$sort&msgdatetype=$msgdatetype&page=$page&folder=$escapedfolder&message_id=$escapedmessageid&N.0.VALUE.GIVENNAME=|.ow::tool::escapeURL($firstname).qq|&N.0.VALUE.FAMILYNAME=|.ow::tool::escapeURL($lastname).qq|&FN.0.VALUE=|.ow::tool::escapeURL($fullname).qq|&EMAIL.0.VALUE=|.ow::tool::escapeURL($eaddr).qq|&formchange=1" onclick="return confirm('$lang_text{importadd} $eaddr ?');"|) . qq|\n|;
+ $temphtml .= qq| |. iconlink("import.s.gif", qq|$lang_text{'importadd'} |.ow::htmltext::str2html($eaddr), qq|href="$config{'ow_cgiurl'}/openwebmail-abook.pl?action=addreditform&sessionid=$thissession&sort=$sort&msgdatetype=$msgdatetype&page=$page&folder=$escapedfolder&message_id=$escapedmessageid&N.0.VALUE.GIVENNAME=|.ow::tool::escapeURL($firstname).qq|&N.0.VALUE.FAMILYNAME=|.ow::tool::escapeURL($lastname).qq|&FN.0.VALUE=|.ow::tool::escapeURL($fullname).qq|&EMAIL.0.VALUE=|.ow::tool::escapeURL($eaddr).qq|&formchange=1" onclick="return confirm('$lang_text{importadd} |.ow::htmltext::str2html($jseaddr).qq| ?');"|) . qq|\n|;
} else {
- $temphtml .= qq| |. iconlink("import.s.gif", "$lang_text{'importadd'} $eaddr", qq|href="$config{'ow_cgiurl'}/openwebmail-abook.pl?action=addrbookedit&sessionid=$thissession&sort=$sort&msgdatetype=$msgdatetype&page=$page&folder=$escapedfolder&message_id=$escapedmessageid" onclick="return confirm('$lang_err{abook_all_readonly}');"|) . qq|\n|;
+ $temphtml .= qq| |. iconlink("import.s.gif", qq|$lang_text{'importadd'} |.ow::htmltext::str2html($eaddr), qq|href="$config{'ow_cgiurl'}/openwebmail-abook.pl?action=addrbookedit&sessionid=$thissession&sort=$sort&msgdatetype=$msgdatetype&page=$page&folder=$escapedfolder&message_id=$escapedmessageid" onclick="return confirm('$lang_err{abook_all_readonly}');"|) . qq|\n|;
}
}
if ($config{'enable_userfilter'}) {
- $temphtml .= qq| |. iconlink("blockemail.gif", "$lang_text{'blockemail'} $eaddr", qq|href="$config{'ow_cgiurl'}/openwebmail-prefs.pl?action=addfilter&sessionid=$thissession&sort=$sort&msgdatetype=$msgdatetype&page=$page&folder=$escapedfolder&message_id=$escapedmessageid&priority=20&ruletype=from&include=include&text=$eaddr&destination=mail-trash&enable=1" onclick="return confirm('$lang_text{blockemail} $eaddr ?');"|) . qq|\n|;
+ $temphtml .= qq| |. iconlink("blockemail.gif", qq|$lang_text{'blockemail'} |.ow::htmltext::str2html($eaddr), qq|href="$config{'ow_cgiurl'}/openwebmail-prefs.pl?action=addfilter&sessionid=$thissession&sort=$sort&msgdatetype=$msgdatetype&page=$page&folder=$escapedfolder&message_id=$escapedmessageid&priority=20&ruletype=from&include=include&text=|.ow::tool::escapeURL($eaddr).qq|&destination=mail-trash&enable=1" onclick="return confirm('$lang_text{blockemail} |.ow::htmltext::str2html($jseaddr).qq| ?');"|) . qq|\n|;
if ($message{smtprelay} !~ /^\s*$/) {
$temphtml .= qq| |.iconlink("blockrelay.gif", "$lang_text{'blockrelay'} $message{smtprelay}", qq|href="$config{'ow_cgiurl'}/openwebmail-prefs.pl?action=addfilter&sessionid=$thissession&sort=$sort&msgdatetype=$msgdatetype&page=$page&folder=$escapedfolder&message_id=$escapedmessageid&priority=20&ruletype=smtprelay&include=include&text=$message{smtprelay}&destination=mail-trash&enable=1" onclick="return confirm('$lang_text{blockrelay} $message{smtprelay} ?');"|) . qq|\n|;
}