diff -Nru squirrelmail-1.4.23~svn20120406/debian/changelog squirrelmail-1.4.23~svn20120406/debian/changelog
--- squirrelmail-1.4.23~svn20120406/debian/changelog 2012-04-06 11:35:42.000000000 +0000
+++ squirrelmail-1.4.23~svn20120406/debian/changelog 2012-12-20 19:45:19.000000000 +0000
@@ -1,3 +1,12 @@
+squirrelmail (2:1.4.23~svn20120406-2) unstable; urgency=medium
+
+ * Add patch from upstream to cope with changed behaviour of
+ htmlspecialchars() in PHP 5.4 (closes: #664895).
+ * Add patch from upstream to cope with removal of
+ session_unregister() in PHP 5.4.
+
+ -- Thijs Kinkhorst Thu, 20 Dec 2012 20:41:02 +0100
+
 squirrelmail (2:1.4.23~svn20120406-1) unstable; urgency=medium
 
 * New upstream snapshot release.
diff -Nru squirrelmail-1.4.23~svn20120406/debian/patches/php54_htmlspecialchars squirrelmail-1.4.23~svn20120406/debian/patches/php54_htmlspecialchars
--- squirrelmail-1.4.23~svn20120406/debian/patches/php54_htmlspecialchars 1970-01-01 00:00:00.000000000 +0000
+++ squirrelmail-1.4.23~svn20120406/debian/patches/php54_htmlspecialchars 2012-12-20 20:10:50.000000000 +0000
@@ -0,0 +1,1679 @@ +Description: htmlspecialchars() semantics changed in PHP 5.4. Replace all + calls to that function with a SquirrelMail-internal function that + restores the previous behaviour. +Origin: upstream, http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14345 +Bug-Debian: http://bugs.debian.org/664895 + +--- a/plugins/fortune/fortune_functions.php ++++ b/plugins/fortune/fortune_functions.php +@@ -30,7 +30,7 @@ + if (!$exist) { + $sMsg = sprintf(_("%s is not found."),$fortune_location); + } else { +- $sMsg = htmlspecialchars(shell_exec($fortune_location . ' -s')); ++ $sMsg = sm_encode_html_special_chars(shell_exec($fortune_location . ' -s')); + } + + +--- a/plugins/message_details/message_details_bottom.php ++++ b/plugins/message_details/message_details_bottom.php +@@ -215,7 +215,7 @@ + $entities["$entStr"]['contenttype']=$reg[2].'/'.$reg[3]; + } + } else if (!$nameset && preg_match("/^.*(name=\s*)\"(.*)\".*/i",$line,$reg)) { +- $name = htmlspecialchars($reg[2]); ++ $name = sm_encode_html_special_chars($reg[2]); + $content[$content_indx]['name'] = decodeHeader($name); + $nameset = true; + if (isset($entities["$entStr"])) { +@@ -246,7 +246,7 @@ + } + } + */ +- $line = htmlspecialchars($line); ++ $line = sm_encode_html_special_chars($line); + $message_body .= "$pre"."$line"."$end".'
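Review bot: In plugins/fortune/fortune_functions.php, `shell_exec($fortune_location . ' -s')` builds the command line by plain concatenation, and only the command's output is encoded. Where `$fortune_location` comes from is not visible in this hunk; if it can ever be set by anything other than the administrator's plugin configuration, quote it with `shell_exec(escapeshellarg($fortune_location) . ' -s')`. shell_exec() also returns NULL when the command fails or prints nothing, so `$sMsg` can end up empty with no error shown.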
'."\r\n"; + } + +--- a/plugins/info/options.php ++++ b/plugins/info/options.php +@@ -75,7 +75,7 @@ + print "Server Capability response:
\n"; + + foreach($caps_array[0] as $value) { +- print htmlspecialchars($value); ++ print sm_encode_html_special_chars($value); + } + + print "\n"; +@@ -94,8 +94,8 @@ + } + } + else { +- print 'folder_prefix = ' . htmlspecialchars($folder_prefix) . "
\n". +- 'default_charset = ' . htmlspecialchars($default_charset) . "\n"; ++ print 'folder_prefix = ' . sm_encode_html_special_chars($folder_prefix) . "
\n". ++ 'default_charset = ' . sm_encode_html_special_chars($default_charset) . "\n"; + } + + print "

\n"; +--- a/plugins/info/functions.php ++++ b/plugins/info/functions.php +@@ -30,7 +30,7 @@ + $sid = sqimap_session_id(); + $results = array(); + $query = "$sid ".trim($string)."\r\n"; +- print "".htmlspecialchars($query).""; ++ print "".sm_encode_html_special_chars($query).""; + fputs ($imap_stream, $query); + $response = sqimap_read_data_list($imap_stream, $sid, false, $responses, $message); + array_push($response, $message); +@@ -43,7 +43,7 @@ + print_response($value); + } + else { +- print htmlspecialchars($value)."
\n"; ++ print sm_encode_html_special_chars($value)."
\n"; + } + } + } +--- a/plugins/mail_fetch/fetch.php ++++ b/plugins/mail_fetch/fetch.php +@@ -34,7 +34,7 @@ + function Mail_Fetch_Status($msg) { + echo html_tag( 'table', + html_tag( 'tr', +- html_tag( 'td', htmlspecialchars( $msg ) , 'left' ) ++ html_tag( 'td', sm_encode_html_special_chars( $msg ) , 'left' ) + ), + '', '', 'width="90%"' ); + flush(); +@@ -82,7 +82,7 @@ + '' . "\n"; + } + echo '' . +@@ -94,7 +94,7 @@ + if ($mailfetch_pass_[$i]=='') { + echo html_tag( 'tr', + html_tag( 'td', _("Password for") . ' ' . +- htmlspecialchars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . ++ sm_encode_html_special_chars((($mailfetch_alias_[$i]=='')?$mailfetch_server_[$i]:$mailfetch_alias_[$i])) . + ':     ', + 'right' ) . + html_tag( 'td', '', 'left' ) +@@ -137,7 +137,7 @@ + html_tag( 'table', + html_tag( 'tr', + html_tag( 'td', '' . _("Fetching from ") . +- htmlspecialchars((($mailfetch_alias_[$i_loop] == '')?$mailfetch_server:$mailfetch_alias_[$i_loop])) . ++ sm_encode_html_special_chars((($mailfetch_alias_[$i_loop] == '')?$mailfetch_server:$mailfetch_alias_[$i_loop])) . + '', + 'center' ) , + '', $color[9] ) , +@@ -227,7 +227,7 @@ + } + $Count = $pop3->login($mailfetch_user, $mailfetch_pass); + if (($Count == false || $Count == -1) && $pop3->ERROR != '') { +- Mail_Fetch_Status(_("Login Failed:") . ' ' . htmlspecialchars($pop3->ERROR) ); ++ Mail_Fetch_Status(_("Login Failed:") . ' ' . sm_encode_html_special_chars($pop3->ERROR) ); + Mail_Fetch_Status(_("Saving UIDL")); + setPref($data_dir,$username,"mailfetch_uidl_$i_loop", $mailfetch_uidl[$i-1]); + +@@ -266,7 +266,7 @@ + if( $pop3->delete($i) ) { + Mail_Fetch_Status(sprintf(_("Message %d deleted from remote server!"), $i)); + } else { +- Mail_Fetch_Status(_("Delete failed:") . htmlspecialchars($pop3->ERROR) ); ++ Mail_Fetch_Status(_("Delete failed:") . 
sm_encode_html_special_chars($pop3->ERROR) ); + } + } + } else { +--- a/plugins/mail_fetch/options.php ++++ b/plugins/mail_fetch/options.php +@@ -316,7 +316,7 @@ + echo '' . _("Server Name:") . ' '. + '  '. +@@ -342,7 +342,7 @@ + html_tag( 'td', + "" . + '' . +- '
' . _("Selected Server:") . " " . htmlspecialchars($mailfetch_server_[$mf_sn]) . "
" . ++ '
' . _("Selected Server:") . " " . sm_encode_html_special_chars($mailfetch_server_[$mf_sn]) . "
" . + _("Confirm delete of selected server?") . '

' . + '' . + '
' , +@@ -369,23 +369,23 @@ + html_tag( 'table' ) . + html_tag( 'tr', + html_tag( 'th', _("Server:"), 'right' ) . +- html_tag( 'td', '', 'left' ) ++ html_tag( 'td', '', 'left' ) + ) . + html_tag( 'tr', + html_tag( 'th', _("Port:"), 'right' ) . +- html_tag( 'td', '', 'left' ) ++ html_tag( 'td', '', 'left' ) + ) . + html_tag( 'tr', + html_tag( 'th', _("Alias:"), 'right' ) . +- html_tag( 'td', '', 'left' ) ++ html_tag( 'td', '', 'left' ) + ) . + html_tag( 'tr', + html_tag( 'th', _("Username:"), 'right' ) . +- html_tag( 'td', '', 'left' ) ++ html_tag( 'td', '', 'left' ) + ) . + html_tag( 'tr', + html_tag( 'th', _("Password:"), 'right' ) . +- html_tag( 'td', '', 'left' ) ++ html_tag( 'td', '', 'left' ) + ) . + html_tag( 'tr' ) . + html_tag( 'th', _("Store in Folder:"), 'right' ) . +--- a/plugins/newmail/newmail_opt.php ++++ b/plugins/newmail/newmail_opt.php +@@ -159,8 +159,8 @@ + if ($fname == $media) { + echo 'selected="selected" '; + } +- echo 'value="' . htmlspecialchars($fname) . '">' . +- htmlspecialchars($entry) . "\n"; ++ echo 'value="' . sm_encode_html_special_chars($fname) . '">' . ++ sm_encode_html_special_chars($entry) . "\n"; + } + } + $d->close(); +@@ -174,8 +174,8 @@ + html_tag( 'tr', "\n" . + html_tag( 'td', _("Current File:"), 'right', '', 'nowrap' ) . + html_tag( 'td', '' . +- htmlspecialchars($media_output) . '', 'left' ) ++ sm_encode_html_special_chars($media) . '" name="media_default">' . ++ sm_encode_html_special_chars($media_output) . '', 'left' ) + ) . "\n"; + } + echo html_tag( 'tr', "\n" . 
+--- a/plugins/newmail/setup.php ++++ b/plugins/newmail/setup.php +@@ -242,7 +242,7 @@ + + if ($totalNew > 0 && $newmail_enable == 'on' && $newmail_media != '' && $newmail_media != '(none)') { + $newmail_media=sqm_baseuri().'plugins/newmail/sounds/'.basename($newmail_media); +- echo '\n"; + } + if ($totalNew > 0 && $newmail_popup == 'on') { +--- a/plugins/newmail/testsound.php ++++ b/plugins/newmail/testsound.php +@@ -34,7 +34,7 @@ + echo html_tag( 'table', + html_tag( 'tr', + html_tag( 'td', +- ''. ++ ''. + '
'. + '' . _("Loading the sound...") . '
'. + '
'. +--- a/plugins/translate/setup.php ++++ b/plugins/translate/setup.php +@@ -226,7 +226,7 @@ + } + + if (! is_null($charset)) +- echo ' accept-charset="'.htmlspecialchars($charset).'"'; ++ echo ' accept-charset="'.sm_encode_html_special_chars($charset).'"'; + + echo ">\n"; + +@@ -251,7 +251,7 @@ + + + +- ++ + '; +@@ -65,20 +65,20 @@ + echo '' . "\n" ; + } else { +- echo htmlspecialchars('"'.$idents[0]['full_name'].'" <'.$idents[0]['email_address'].'>'); ++ echo sm_encode_html_special_chars('"'.$idents[0]['full_name'].'" <'.$idents[0]['email_address'].'>'); + } + + echo '

' +-. '' +-. '' +-. '' +-. '' ++. '' ++. '' ++. '' ++. '' + . '

' + . '
'; + +--- a/plugins/spamcop/options.php ++++ b/plugins/spamcop/options.php +@@ -130,7 +130,7 @@ + '(' . _("see below") . ')','right','','valign="top"'); + ?> +
+- ++ + + \n"; +--- a/plugins/spamcop/spamcop.php ++++ b/plugins/spamcop/spamcop.php +@@ -130,8 +130,8 @@ + echo '\n"; + } else { + ?> +- +- ++ ++ + \n"; + } +@@ -147,9 +147,9 @@ + $form_action = sqm_baseuri() . 'src/compose.php'; + ?> + +- +- +- ++ ++ ++ + + + +@@ -171,7 +171,7 @@ + } ?> + + +- ++ + "; + } +--- a/plugins/squirrelspell/modules/edit_dic.mod ++++ b/plugins/squirrelspell/modules/edit_dic.mod +@@ -82,8 +82,8 @@ + $msg .= "\n"; + } + $msg .= ' ' +- . htmlspecialchars($words_ary[$j])."
\n"; ++ . 'value="' . sm_encode_html_special_chars($words_ary[$j]) . '" /> ' ++ . sm_encode_html_special_chars($words_ary[$j])."
\n"; + } + $msg .= '' + . "" +--- a/plugins/squirrelspell/modules/lang_change.mod ++++ b/plugins/squirrelspell/modules/lang_change.mod +@@ -74,11 +74,11 @@ + $lang_array = explode( ',', $lang_string ); + $dsp_string = ''; + foreach( $lang_array as $a) { +- $dsp_string .= _(htmlspecialchars(trim($a))) . _(", "); ++ $dsp_string .= _(sm_encode_html_special_chars(trim($a))) . _(", "); + } + $dsp_string = substr( $dsp_string, 0, -2 ); + $msg = '

' +- . sprintf(_("Settings adjusted to: %s with %s as default dictionary."), ''.$dsp_string.'', ''._(htmlspecialchars($lang_default)).'') ++ . sprintf(_("Settings adjusted to: %s with %s as default dictionary."), ''.$dsp_string.'', ''._(sm_encode_html_special_chars($lang_default)).'') + . '

'; + } else { + /** +--- a/plugins/squirrelspell/modules/forget_me.mod ++++ b/plugins/squirrelspell/modules/forget_me.mod +@@ -39,7 +39,7 @@ + * Remove word by word... + */ + $lang_words=str_replace("$words_ary[$i]\n", "", $lang_words); +- $msg .= '
  • ' . htmlspecialchars($words_ary[$i]) . "
  • \n"; ++ $msg .= '
  • ' . sm_encode_html_special_chars($words_ary[$i]) . "
  • \n"; + } + $new_words_ary=split("\n", $lang_words); + /** +--- a/plugins/squirrelspell/modules/check_me.mod ++++ b/plugins/squirrelspell/modules/check_me.mod +@@ -95,7 +95,7 @@ + $spell_proc = @proc_open($sqspell_command, $descriptorspec, $pipes); + if ( ! is_resource ( $spell_proc ) ) { + error_box ( sprintf(_("Could not run the spellchecker command (%s)."), +- htmlspecialchars($sqspell_command) ) , $color ); ++ sm_encode_html_special_chars($sqspell_command) ) , $color ); + // close html tags and abort script. + echo ""; + exit(); +@@ -133,14 +133,14 @@ + $fp = @fopen($floc, 'w'); + if ( ! is_resource ($fp) ) { + error_box ( sprintf(_("Could not open temporary file '%s'."), +- htmlspecialchars($floc) ) , $color ); ++ sm_encode_html_special_chars($floc) ) , $color ); + // failed to open temp file. abort script. + echo ""; + exit(); + } + if ( ! @fwrite($fp, $sqspell_new_text) ) { + error_box ( sprintf(_("Error while writing to temporary file '%s'."), +- htmlspecialchars($floc) ) , $color ); ++ sm_encode_html_special_chars($floc) ) , $color ); + // close file descriptor + fclose($fp); + // failed writing to temp file. abort script. +@@ -159,7 +159,7 @@ + $msg= "
    " + . sprintf(_("I tried to execute '%s', but it returned:"), + $sqspell_command) . "
    "
    +-     . htmlspecialchars(join("\n", $sqspell_output)) . '
    ' ++ . sm_encode_html_special_chars(join("\n", $sqspell_output)) . '' + . '' + . '
    '; +--- a/plugins/filters/options.php ++++ b/plugins/filters/options.php +@@ -203,7 +203,7 @@ + html_tag( 'td', '', 'left' ) . + ''. + ''. +@@ -265,7 +265,7 @@ + printf( _("If %s contains %s then move to %s"), + ''.$filters[$i]['where'].'', + ''.$filters[$i]['what'].'', +- ''.htmlspecialchars(imap_utf7_decode_local($fdr)).''); ++ ''.sm_encode_html_special_chars(imap_utf7_decode_local($fdr)).''); + echo ''; + + } +--- a/plugins/filters/spamoptions.php ++++ b/plugins/filters/spamoptions.php +@@ -199,7 +199,7 @@ + echo html_tag( 'p', '', 'center' ) . + '[' . _("Edit") . ']' . + ' - [' . _("Done") . ']
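Review bot: Two context lines here still interpolate values without encoding although their neighbours are converted to the wrapper. In plugins/filters/options.php (hunk -265) `$filters[$i]['where']` and `$filters[$i]['what']` go into the printf() output as-is while only the folder name is encoded, and in plugins/squirrelspell/modules/check_me.mod (hunk -159) `$sqspell_command` is passed raw to sprintf() although the -95 hunk encodes the same variable. Unless those values are already encoded when they are stored, which this diff does not show, wrap them the same way, e.g. `sm_encode_html_special_chars($filters[$i]['what'])`. Both enclosing blocks start and end outside the hunks.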

    '; +- printf( _("Spam is sent to %s."), ($filters_spam_folder?''.htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)).'':'['._("not set yet").']' ) ); ++ printf( _("Spam is sent to %s."), ($filters_spam_folder?''.sm_encode_html_special_chars(imap_utf7_decode_local($filters_spam_folder)).'':'['._("not set yet").']' ) ); + echo '
    '; + printf( _("Spam scan is limited to %s."), '' . ( ($filters_spam_scan == 'new')?_("Unread messages only"):_("All messages") ) . '' ); + echo '

    '. +--- a/plugins/bug_report/bug_report.php ++++ b/plugins/bug_report/bug_report.php +@@ -163,7 +163,7 @@ + $body_top .= "----------------------------------------------\n"; + } + +-$body = htmlspecialchars($body_top . $body); ++$body = sm_encode_html_special_chars($body_top . $body); + + ?> +
    +--- a/plugins/calendar/calendar.php ++++ b/plugins/calendar/calendar.php +@@ -114,11 +114,11 @@ + $calbar = $calendardata[$cdate][$calfoo['key']]; + // FIXME: how to display multiline task + $title = '['. $calfoo['key']. '] ' . +- str_replace(array("\r","\n"),array(' ',' '),htmlspecialchars($calbar['message'])); ++ str_replace(array("\r","\n"),array(' ',' '),sm_encode_html_special_chars($calbar['message'])); + // FIXME: link to nowhere + echo "".htmlspecialchars($calbar['title'])."
    \n"; ++ ."\" title=\"$title\">".sm_encode_html_special_chars($calbar['title'])."
    \n"; + $i=$i+1; + if($i==2){ + break; +--- a/plugins/calendar/day.php ++++ b/plugins/calendar/day.php +@@ -127,9 +127,9 @@ + html_tag( 'td', date_intl(_("H:i"),mktime($ehour,$eminute,0,1,1,0)) . $elength, 'left' ) . + html_tag( 'td', '', 'left' ) . '['; + echo ($calbar['priority']==1) ? +- "".htmlspecialchars($calbar['title']).'' : +- htmlspecialchars($calbar['title']); +- echo']
    '.nl2br(htmlspecialchars($calbar['message'])).'
    ' . ++ "".sm_encode_html_special_chars($calbar['title']).'' : ++ sm_encode_html_special_chars($calbar['title']); ++ echo']
    '.nl2br(sm_encode_html_special_chars($calbar['message'])).'
    ' . + html_tag( 'td', + "\n" . + "\n", '', $color[4], 'colspan="2"' ) ."\n" +@@ -198,11 +198,11 @@ + ) . + html_tag( 'tr', + html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" . +- html_tag( 'td', htmlspecialchars($event_title) , 'left', $color[4] ) ."\n" ++ html_tag( 'td', sm_encode_html_special_chars($event_title) , 'left', $color[4] ) ."\n" + ) . + html_tag( 'tr', + html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" . +- html_tag( 'td', nl2br(htmlspecialchars($event_text)) , 'left', $color[4] ) ."\n" ++ html_tag( 'td', nl2br(sm_encode_html_special_chars($event_text)) , 'left', $color[4] ) ."\n" + ) . + html_tag( 'tr', + html_tag( 'td', +--- a/src/addrbook_search_html.php ++++ b/src/addrbook_search_html.php +@@ -136,15 +136,15 @@ + echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) . + html_tag( 'td', + ' ' . _("To") . ' ' . ++ sm_encode_html_special_chars($email) . '" /> ' . _("To") . ' ' . + ' ' . _("Cc") . ' ' . ++ sm_encode_html_special_chars($email) . '" /> ' . _("Cc") . ' ' . + ' ' . _("Bcc") . ' ' , ++ sm_encode_html_special_chars($email) . '" /> ' . _("Bcc") . ' ' , + 'center', '', 'width="5%" nowrap' ) . +- html_tag( 'td', ' ' . htmlspecialchars($row['lastname']) . ' ' . htmlspecialchars($row['firstname']) . ' ', 'left', '', 'nowrap' ) . +- html_tag( 'td', ' ' . htmlspecialchars($row['email']) . ' ', 'left', '', 'nowrap' ) . +- html_tag( 'td', ' ' . htmlspecialchars($row['label']) . ' ', 'left', '', 'nowrap' ); ++ html_tag( 'td', ' ' . sm_encode_html_special_chars($row['lastname']) . ' ' . sm_encode_html_special_chars($row['firstname']) . ' ', 'left', '', 'nowrap' ) . ++ html_tag( 'td', ' ' . sm_encode_html_special_chars($row['email']) . ' ', 'left', '', 'nowrap' ) . ++ html_tag( 'td', ' ' . sm_encode_html_special_chars($row['label']) . ' ', 'left', '', 'nowrap' ); + } else { + echo html_tag( 'tr', '', '', $tr_bgcolor, 'nowrap' ) . + html_tag( 'td', +@@ -155,9 +155,9 @@ + addCheckBox('send_to_search[B'.$line.']', FALSE, $email). 
+ ' ' . _("Bcc") . ' ' , + 'center', '', 'width="5%" nowrap' ) . +- html_tag( 'td', ' ' . htmlspecialchars($row['name']) . ' ', 'left', '', 'nowrap' ) . +- html_tag( 'td', ' ' . htmlspecialchars($row['email']) . ' ', 'left', '', 'nowrap' ) . +- html_tag( 'td', ' ' . htmlspecialchars($row['label']) . ' ', 'left', '', 'nowrap' ); ++ html_tag( 'td', ' ' . sm_encode_html_special_chars($row['name']) . ' ', 'left', '', 'nowrap' ) . ++ html_tag( 'td', ' ' . sm_encode_html_special_chars($row['email']) . ' ', 'left', '', 'nowrap' ) . ++ html_tag( 'td', ' ' . sm_encode_html_special_chars($row['label']) . ' ', 'left', '', 'nowrap' ); + } + + if ($includesource) { +--- a/src/addressbook.php ++++ b/src/addressbook.php +@@ -345,7 +345,7 @@ + html_tag( 'tr', + html_tag( 'td', + "\n". '' . _("ERROR") . ': ' . htmlspecialchars($abook->error) . '' ."\n", ++ '">' . _("ERROR") . ': ' . sm_encode_html_special_chars($abook->error) . '' ."\n", + 'center' ) + ), + 'center', '', 'width="100%"' ); +@@ -400,7 +400,7 @@ + html_tag( 'tr', + html_tag( 'td', + "\n". '
    ' . _("ERROR") . ': ' . htmlspecialchars($formerror) . '' ."\n", ++ '">' . _("ERROR") . ': ' . sm_encode_html_special_chars($formerror) . '' ."\n", + 'center' ) + ), + 'center', '', 'width="100%"' ); +@@ -412,7 +412,7 @@ + /* Get and sort address list */ + $alist = $abook->list_addr(); + if(!is_array($alist)) { +- $abook->error = htmlspecialchars($abook->error); ++ $abook->error = sm_encode_html_special_chars($abook->error); + plain_error_message($abook->error, $color); + exit; + } +@@ -522,8 +522,8 @@ + ' ' , + 'center', '', 'valign="top" width="1%"' ); + } +- echo html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . +- html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . ++ echo html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . ++ html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . + html_tag( 'td', '', 'left', '', 'valign="top" width="10%" nowrap' ) . ' '; + } else { + echo html_tag( 'tr', '', '', $tr_bgcolor); +@@ -538,16 +538,16 @@ + ' ' , + 'center', '', 'valign="top" width="1%"' ); + } +- echo html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . +- html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . ++ echo html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . ++ html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%" nowrap' ) . + html_tag( 'td', '', 'left', '', 'valign="top" width="10%" nowrap' ) . ' '; + } + $email = $abook->full_address($row); + echo addHidden($row['backend'] . ':' . $row['nickname'], rawurlencode($email)) + . makeComposeLink('src/compose.php?send_to='.rawurlencode($email), +- htmlspecialchars($row['email'])). ++ sm_encode_html_special_chars($row['email'])). + ' '."\n". 
+- html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%"' ); ++ html_tag( 'td', '  ', 'left', '', 'valign="top" width="10%"' ); + + // add extra column if third party backend needs it + if ($abook->add_extra_field) { +--- a/src/printer_friendly_bottom.php ++++ b/src/printer_friendly_bottom.php +@@ -131,7 +131,7 @@ + ) . "\n" . + html_tag( 'tr', + html_tag( 'td', _("Date").': ', 'left' ) . +- html_tag( 'td', htmlspecialchars($date), 'left' ) ++ html_tag( 'td', sm_encode_html_special_chars($date), 'left' ) + ) . "\n" . + html_tag( 'tr', + html_tag( 'td', _("To").': ', 'left','','valign="top"' ) . +@@ -280,7 +280,7 @@ + html_tag( 'td',show_readable_size($header->size), 'left') . + '' . + html_tag( 'td',_("Type:"), 'right') . +- html_tag( 'td',htmlspecialchars($type0).'/'.htmlspecialchars($type1), 'left') . ++ html_tag( 'td',sm_encode_html_special_chars($type0).'/'.sm_encode_html_special_chars($type1), 'left') . + ''; + if (! empty($description)) { + $attachments .= $description; +--- a/src/configtest.php ++++ b/src/configtest.php +@@ -156,7 +156,7 @@ + || strpos($variables_order, 'P') === FALSE + || strpos($variables_order, 'C') === FALSE + || strpos($variables_order, 'S') === FALSE) { +- do_err('Your variables_order setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but you have it set to "' . htmlspecialchars($variables_order) . '"', true); ++ do_err('Your variables_order setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but you have it set to "' . sm_encode_html_special_chars($variables_order) . '"', true); + } else { + echo $IND . "variables_order OK: $variables_order.
    \n"; + } +@@ -179,7 +179,7 @@ + else if (strpos($gpc_order, 'G') === FALSE + || strpos($gpc_order, 'P') === FALSE + || strpos($gpc_order, 'C') === FALSE) { +- do_err('Your gpc_order setting is insufficient for SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . htmlspecialchars($gpc_order) . '"', true); ++ do_err('Your gpc_order setting is insufficient for SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . sm_encode_html_special_chars($gpc_order) . '"', true); + } else { + echo $IND . "gpc_order OK: $gpc_order.
    \n"; + } +@@ -310,7 +310,7 @@ + ob_end_clean(); + // if plugins output more than newlines and spacing, stop script execution. + if (!empty($output)) { +- $plugin_load_error = 'Some output is produced when plugins are loaded. Usually this means there is an error in one of the plugin setup or configuration files. The output was: '.htmlspecialchars($output); ++ $plugin_load_error = 'Some output is produced when plugins are loaded. Usually this means there is an error in one of the plugin setup or configuration files. The output was: '.sm_encode_html_special_chars($output); + do_err($plugin_load_error); + } + /** +@@ -354,9 +354,9 @@ + echo $IND . "Default language OK.
    \n"; + } + +-echo $IND . "Base URL detected as: " . htmlspecialchars($test_location) . ++echo $IND . "Base URL detected as: " . sm_encode_html_special_chars($test_location) . + " (location base " . (empty($config_location_base) ? 'autodetected' : 'set to ' . +- htmlspecialchars($config_location_base)."") . ")
    \n"; ++ sm_encode_html_special_chars($config_location_base)."
    ") . ")
    \n"; + + /* check outgoing mail */ + +@@ -386,20 +386,20 @@ + $errorNumber, $errorString); + if(!$stream) { + do_err("Error connecting to SMTP server \"$smtpServerAddress:$smtpPort\".". +- "Server error: ($errorNumber) ".htmlspecialchars($errorString)); ++ "Server error: ($errorNumber) ".sm_encode_html_special_chars($errorString)); + } + + // check for SMTP code; should be 2xx to allow us access + $smtpline = fgets($stream, 1024); + if(((int) $smtpline{0}) > 3) { + do_err("Error connecting to SMTP server. Server error: ". +- htmlspecialchars($smtpline)); ++ sm_encode_html_special_chars($smtpline)); + } + + fputs($stream, 'QUIT'); + fclose($stream); + echo $IND . 'SMTP server OK ('. +- trim(htmlspecialchars($smtpline)).")
    \n"; ++ trim(sm_encode_html_special_chars($smtpline)).")
    \n"; + + /* POP before SMTP */ + if($pop_before_smtp) { +@@ -407,13 +407,13 @@ + $stream = fsockopen($pop_before_smtp_host, 110, $err_no, $err_str); + if (!$stream) { + do_err("Error connecting to POP Server ($pop_before_smtp_host:110) " +- . $err_no . ' : ' . htmlspecialchars($err_str)); ++ . $err_no . ' : ' . sm_encode_html_special_chars($err_str)); + } + + $tmp = fgets($stream, 1024); + if (substr($tmp, 0, 3) != '+OK') { + do_err("Error connecting to POP Server ($pop_before_smtp_host:110)" +- . ' '.htmlspecialchars($tmp)); ++ . ' '.sm_encode_html_special_chars($tmp)); + } + fputs($stream, 'QUIT'); + fclose($stream); +@@ -432,24 +432,24 @@ + if(!$stream) { + do_err("Error connecting to IMAP server \"$imapServerAddress:$imapPort\".". + "Server error: ($errorNumber) ". +- htmlspecialchars($errorString)); ++ sm_encode_html_special_chars($errorString)); + } + + /** Is the first response 'OK'? */ + $imapline = fgets($stream, 1024); + if(substr($imapline, 0,4) != '* OK') { + do_err('Error connecting to IMAP server. Server error: '. +- htmlspecialchars($imapline)); ++ sm_encode_html_special_chars($imapline)); + } + + echo $IND . 'IMAP server ready ('. +- htmlspecialchars(trim($imapline)).")
    \n"; ++ sm_encode_html_special_chars(trim($imapline)).")
    \n"; + + /** Check capabilities */ + fputs($stream, "A001 CAPABILITY\r\n"); + $capline = fgets($stream, 1024); + +-echo $IND . 'Capabilities: '.htmlspecialchars($capline)."
    \n"; ++echo $IND . 'Capabilities: '.sm_encode_html_special_chars($capline)."
    \n"; + + if($imap_auth_mech == 'login' && stristr($capline, 'LOGINDISABLED') !== FALSE) { + do_err('Your server doesn\'t allow plaintext logins. '. +@@ -581,7 +581,7 @@ + + $dbh = DB::connect($dsn, true); + if (DB::isError($dbh)) { +- do_err('Database error: '. htmlspecialchars(DB::errorMessage($dbh)) . ++ do_err('Database error: '. sm_encode_html_special_chars(DB::errorMessage($dbh)) . + ' in ' .$type .' DSN.'); + } + $dbh->disconnect(); +--- a/src/search.php ++++ b/src/search.php +@@ -238,7 +238,7 @@ + $showbox = imap_utf7_decode_local($mailbox); + } + echo html_tag( 'div', '' . _("Folder:") . ' '. +- htmlspecialchars($showbox) .'','center') . "\n"; ++ sm_encode_html_special_chars($showbox) .'','center') . "\n"; + + $msg_cnt_str = get_msgcnt_str(1, $cnt, $cnt); + $toggle_all = get_selectall_link(1, $sort); +@@ -248,7 +248,7 @@ + $safe_name = preg_replace("/[^0-9A-Za-z_]/", '_', $mailbox); + $form_name = "FormMsgs" . $safe_name; + echo '
    ' ."\n" . +- '' . "\n" . ++ '' . "\n" . + '' . "\n" . + addHidden('smtoken', sm_generate_security_token()) . "\n"; + +@@ -373,9 +373,9 @@ + } else { + echo html_tag( 'tr', '', '', $color[4] ); + } +- echo html_tag( 'td', htmlspecialchars(imap_utf7_decode_local($saved_attributes['saved_folder'][$i + 1])), 'left', '', 'width="35%"' ) +- . html_tag( 'td', htmlspecialchars($saved_attributes['saved_what'][$i + 1]), 'left' ) +- . html_tag( 'td', htmlspecialchars($saved_attributes['saved_where'][$i + 1]), 'center' ) ++ echo html_tag( 'td', sm_encode_html_special_chars(imap_utf7_decode_local($saved_attributes['saved_folder'][$i + 1])), 'left', '', 'width="35%"' ) ++ . html_tag( 'td', sm_encode_html_special_chars($saved_attributes['saved_what'][$i + 1]), 'left' ) ++ . html_tag( 'td', sm_encode_html_special_chars($saved_attributes['saved_where'][$i + 1]), 'center' ) + . html_tag( 'td', '', 'right' ) + . '' + . _("save") +--- a/src/login.php ++++ b/src/login.php +@@ -118,7 +118,7 @@ + + do_hook('login_cookie'); + +-$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? htmlspecialchars($loginname) : ''); ++$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? sm_encode_html_special_chars($loginname) : ''); + + /* Output the javascript onload function. */ + +--- a/src/options_identities.php ++++ b/src/options_identities.php +@@ -174,7 +174,7 @@ + $str = ''; + $str .= '\n"; + $str .= ' ' . $title . ' ' . "\n"; +- $str .= ' ' . "\n"; ++ $str .= ' ' . "\n"; + $str .= ''; + + return $str; +@@ -185,7 +185,7 @@ + $str = ''; + $str .= '\n"; + $str .= ' ' . $title . ' ' . "\n"; +- $str .= ' ' . "\n"; ++ $str .= ' ' . "\n"; + $str .= ''; + + return $str; +--- a/src/options_highlight.php ++++ b/src/options_highlight.php +@@ -179,11 +179,11 @@ + $links, + 'left', $color[4], 'width="20%" nowrap' ) . + html_tag( 'td', +- htmlspecialchars($message_highlight_list[$i]['name']) , ++ sm_encode_html_special_chars($message_highlight_list[$i]['name']) , + 'left' ) . 
+ html_tag( 'td', + $match_type . ' = ' . +- htmlspecialchars($message_highlight_list[$i]['value']) , ++ sm_encode_html_special_chars($message_highlight_list[$i]['value']) , + 'left' ) , + '', '#' . $message_highlight_list[$i]['color'] ) . "\n"; + } +--- a/src/vcard.php ++++ b/src/vcard.php +@@ -97,14 +97,14 @@ + } else { + echo '' . + sprintf(_("vCard Version %s is not supported. Some information might not be converted correctly."), +- htmlspecialchars($vcard_nice['version'])) . ++ sm_encode_html_special_chars($vcard_nice['version'])) . + "\n"; + $vcard_nice['firstname'] = ''; + $vcard_nice['lastname'] = ''; + } + + foreach ($vcard_nice as $k => $v) { +- $v = htmlspecialchars($v); ++ $v = sm_encode_html_special_chars($v); + $v = trim($v); + $vcard_safe[$k] = trim(nl2br($v)); + } +@@ -166,44 +166,44 @@ + ''; +@@ -212,7 +212,7 @@ + + ' . ++ sm_encode_html_special_chars(!empty($vcard_nice['email;internet'])?$vcard_nice['email;internet']:'') . '" />' . + '' . + '' . htmlspecialchars( ++ echo '>' . sm_encode_html_special_chars( + $data['full_name'] . ' <' . + $data['email_address'] . '>') . + "\n"; +@@ -1231,10 +1231,10 @@ + } else { + echo "\n\n".($prefix_sig==true? "-- \n":'').decodeHeader($signature,false,false,true); + } +- echo "\n\n".htmlspecialchars(decodeHeader($body,false,false,true)); ++ echo "\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false,true)); + } + else { +- echo "\n\n".htmlspecialchars(decodeHeader($body,false,false,true)); ++ echo "\n\n".sm_encode_html_special_chars(decodeHeader($body,false,false,true)); + if ($default_charset == 'iso-2022-jp') { + echo "\n\n".($prefix_sig==true? "-- \n":'').mb_convert_encoding($signature, 'EUC-JP'); + }else{ +@@ -1242,7 +1242,7 @@ + } + } + } else { +- echo htmlspecialchars(decodeHeader($body,false,false,true)); ++ echo sm_encode_html_special_chars(decodeHeader($body,false,false,true)); + } + echo '
    ' . "\n" . + ' ' . "\n" . +@@ -1691,7 +1691,7 @@ + return $succes; + } else { + $msg = '
    '.sprintf(_("Error: Draft folder %s does not exist."), +- htmlspecialchars($draft_folder)); ++ sm_encode_html_special_chars($draft_folder)); + plain_error_message($msg, $color); + return false; + } +--- a/src/addrbook_search.php ++++ b/src/addrbook_search.php +@@ -138,7 +138,7 @@ + echo "\n"; + + while (list($undef, $row) = each($res)) { +- $email = htmlspecialchars(addcslashes(AddressBook::full_address($row), "'"), ENT_QUOTES); ++ $email = sm_encode_html_special_chars(addcslashes(AddressBook::full_address($row), "'"), ENT_QUOTES); + if ($line % 2) { + $tr_bgcolor = $color[12]; + } else { +@@ -153,12 +153,12 @@ + '
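Review bot: In src/addrbook_search.php (hunk -138), `addcslashes(AddressBook::full_address($row), "'")` escapes only the single quote, yet the following hunk places `$email` inside a single-quoted JavaScript argument. A backslash in an address-book entry therefore reaches the script unescaped, so the value is HTML-encoded but not safely encoded for the JavaScript string it ends up in. Escaping the backslash as well, `addcslashes(AddressBook::full_address($row), "'\\")`, closes that gap before the HTML encoding is applied. The following hunk also still prints `$row['source']` without encoding; if a backend can set that to anything but a fixed label, it needs the wrapper too.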
    "._("Bcc")."", + 'center', '', 'valign="top" width="5%" nowrap' ) . +- html_tag( 'td', ' ' . htmlspecialchars($row['name']), 'left', '', 'valign="top" nowrap' ) . ++ html_tag( 'td', ' ' . sm_encode_html_special_chars($row['name']), 'left', '', 'valign="top" nowrap' ) . + html_tag( 'td', ' ' . + '" . htmlspecialchars($row['email']) . '' ++ "'" . $email . "');\">" . sm_encode_html_special_chars($row['email']) . '' + , 'left', '', 'valign="top"' ) . +- html_tag( 'td', htmlspecialchars($row['label']), 'left', '', 'valign="top" nowrap' ); ++ html_tag( 'td', sm_encode_html_special_chars($row['label']), 'left', '', 'valign="top" nowrap' ); + if ($includesource) { + echo html_tag( 'td', ' ' . $row['source'], 'left', '', 'valign="top" nowrap' ); + } +--- a/src/right_main.php ++++ b/src/right_main.php +@@ -174,7 +174,7 @@ + + do_hook('right_main_after_header'); + if (isset($note)) { +- echo html_tag( 'div', '' . htmlspecialchars($note) .'', 'center' ) . "
    \n"; ++ echo html_tag( 'div', '' . sm_encode_html_special_chars($note) .'', 'center' ) . "
    \n"; + } + + if ( sqgetGlobalVar('just_logged_in', $just_logged_in, SQ_SESSION) ) { +--- a/src/view_header.php ++++ b/src/view_header.php +@@ -46,7 +46,7 @@ + $cnum = 0; + + for ($i=1; $i < count($read); $i++) { +- $line = htmlspecialchars($read[$i]); ++ $line = sm_encode_html_special_chars($read[$i]); + switch (true) { + case (preg_match('/^>/i', $line)): + $second[$i] = $line; +--- a/src/folders_rename_getname.php ++++ b/src/folders_rename_getname.php +@@ -64,7 +64,7 @@ + + if (strpos($displayable_old, $delimiter)) { + $old_name = substr($displayable_old, strrpos($displayable_old, $delimiter)+1); +- $parent = htmlspecialchars(substr($displayable_old, ++ $parent = sm_encode_html_special_chars(substr($displayable_old, + 0, + strrpos($displayable_old, $delimiter)) + . ' ' . $delimiter); +--- a/src/read_body.php ++++ b/src/read_body.php +@@ -458,7 +458,7 @@ + $env[_("Cc")] = formatRecipientString($header->cc, "cc"); + $env[_("Bcc")] = formatRecipientString($header->bcc, "bcc"); + if ($default_use_priority) { +- $env[_("Priority")] = htmlspecialchars(getPriorityStr($header->priority)); ++ $env[_("Priority")] = sm_encode_html_special_chars(getPriorityStr($header->priority)); + } + if ($show_xmailer_default) { + $env[_("Mailer")] = decodeHeader($header->xmailer); +--- a/class/mime/Rfc822Header.class.php ++++ b/class/mime/Rfc822Header.class.php +@@ -706,7 +706,7 @@ + $value = substr($value,strlen($charset)+1); + /* FIXME: What's the status of charset decode with language information ???? + * Maybe language information contains only ascii text and charset_decode() +- * only runs htmlspecialchars() on it. If it contains 8bit information, you ++ * only runs sm_encode_html_special_chars() on it. If it contains 8bit information, you + * get html encoded text in charset used by selected translation. 
+ */ + $value = charset_decode($charset,$value); +--- a/class/deliver/Deliver_SMTP.class.php ++++ b/class/deliver/Deliver_SMTP.class.php +@@ -337,7 +337,7 @@ + } + + $this->dlv_msg = $message; +- $this->dlv_server_msg = nl2br(htmlspecialchars($server_msg)); ++ $this->dlv_server_msg = nl2br(sm_encode_html_special_chars($server_msg)); + + return true; + } +--- a/functions/strings.php ++++ b/functions/strings.php +@@ -1476,4 +1476,38 @@ + + } + ++/** ++ * Wrapper for PHP's htmlspecialchars() that ++ * attempts to add the correct character encoding ++ * ++ * @param string $string The string to be converted ++ * @param int $flags A bitmask that controls the behavior of htmlspecialchars() ++ * (See http://php.net/manual/function.htmlspecialchars.php ) ++ * (OPTIONAL; default ENT_COMPAT) ++ * @param string $encoding The character encoding to use in the conversion ++ * (OPTIONAL; default automatic detection) ++ * @param boolean $double_encode Whether or not to convert entities that are ++ * already in the string (only supported in ++ * PHP 5.2.3+) (OPTIONAL; default TRUE) ++ * ++ * @return string The converted text ++ * ++ */ ++function sm_encode_html_special_chars($string, $flags=ENT_COMPAT, ++ $encoding=NULL, $double_encode=TRUE) ++{ ++ if (!$encoding) ++ { ++ global $default_charset; ++ if ($default_charset == 'iso-2022-jp') ++ $default_charset = 'EUC-JP'; ++ $encoding = $default_charset; ++ } ++ ++ if (check_php_version(5, 2, 3)) ++ return htmlspecialchars($string, $flags, $encoding, $double_encode); ++ ++ return htmlspecialchars($string, $flags, $encoding); ++} ++ + $PHP_SELF = php_self(); +--- a/functions/addressbook.php ++++ b/functions/addressbook.php +@@ -154,7 +154,7 @@ + * display address book init errors. 
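Review bot: In the functions/strings.php hunk, the charset fallback in `sm_encode_html_special_chars()` assigns to the global itself (`$default_charset = 'EUC-JP';`), so on an iso-2022-jp installation the first call changes `$default_charset` for all code that runs later in the request, not just for this conversion. Keeping the substitution local avoids that side effect: `$encoding = ($default_charset == 'iso-2022-jp') ? 'EUC-JP' : $default_charset;`. The docblock should also say that the default `ENT_COMPAT` leaves single quotes unencoded, so a caller that writes into a single-quoted attribute or script string has to pass `ENT_QUOTES` explicitly.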
+ */ + if ($abook_init_error!='' && $showerr) { +- $abook_init_error = htmlspecialchars($abook_init_error); ++ $abook_init_error = sm_encode_html_special_chars($abook_init_error); + error_box($abook_init_error,$color); + } + +--- a/functions/imap_mailbox.php ++++ b/functions/imap_mailbox.php +@@ -254,7 +254,7 @@ + if (strstr($mailbox, '../') || substr($mailbox, 0, 1) == '/') { + global $color; + include_once(SM_PATH . 'functions/display_messages.php'); +- error_box(sprintf(_("Invalid mailbox name: %s"),htmlspecialchars($mailbox)),$color); ++ error_box(sprintf(_("Invalid mailbox name: %s"),sm_encode_html_special_chars($mailbox)),$color); + sqimap_logout($imap_stream); + die(''); + } +@@ -555,16 +555,16 @@ + $box2 = $boxes_part['formatted']; + break; + default: /* default, long names, style = 0 */ +- $box2 = str_replace(' ', ' ', htmlspecialchars(imap_utf7_decode_local($boxes_part['unformatted-disp']))); ++ $box2 = str_replace(' ', ' ', sm_encode_html_special_chars(imap_utf7_decode_local($boxes_part['unformatted-disp']))); + break; + } + } + $box2 = str_replace(array('<','>'), array('<','>') , $box2); + + if ($show_selected != 0 && in_array($lowerbox, $show_selected) ) { +- $mbox_options .= '' . "\n"; ++ $mbox_options .= '' . "\n"; + } else { +- $mbox_options .= '' . "\n"; ++ $mbox_options .= '' . "\n"; + } + } + } +--- a/functions/i18n.php ++++ b/functions/i18n.php +@@ -171,7 +171,7 @@ + * @param string $string Text to be decoded + * @param boolean $force_decode converts string to html without $charset!=$default_charset check. + * Argument is available since 1.4.5 and 1.5.1. +- * @param boolean $save_html disables htmlspecialchars() in order to preserve ++ * @param boolean $save_html disables sm_encode_html_special_chars() in order to preserve + * html formating. Use with care. Available since 1.4.6 and 1.5.1 + * @return string decoded string + */ +@@ -184,7 +184,7 @@ + } + + /* All HTML special characters are 7 bit and can be replaced first */ +- if (! 
$save_html) $string = htmlspecialchars ($string); ++ if (! $save_html) $string = sm_encode_html_special_chars ($string); + $charset = strtolower($charset); + + set_my_charset(); +@@ -214,7 +214,7 @@ + * @since 1.4.4 and 1.5.1 + * @param string $string + * @param string $charset +- * @param boolean $htmlencode keep htmlspecialchars encoding ++ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding + * @return string + */ + function charset_encode($string,$charset,$htmlencode=true) { +@@ -258,7 +258,7 @@ + * @param string $in_charset initial charset + * @param string $string string that has to be converted + * @param string $out_charset final charset +- * @param boolean $htmlencode keep htmlspecialchars encoding ++ * @param boolean $htmlencode keep sm_encode_html_special_chars encoding + * @return string converted string + */ + function charset_convert($in_charset,$string,$out_charset,$htmlencode=true) { +--- a/functions/mailbox_display.php ++++ b/functions/mailbox_display.php +@@ -110,10 +110,10 @@ + if ($senderNames_part[1]) { + $senderName .= decodeHeader($senderNames_part[1]); + } else { +- $senderName .= htmlspecialchars($senderNames_part[0]); ++ $senderName .= sm_encode_html_special_chars($senderNames_part[0]); + } + +- $senderFrom .= htmlspecialchars($senderNames_part[0]); ++ $senderFrom .= sm_encode_html_special_chars($senderNames_part[0]); + } + } + $senderName = str_replace(' ',' ',$senderName); +@@ -530,8 +530,8 @@ + $form_name = "FormMsgs" . $safe_name; + echo '' ."\n" . + '' . "\n" . +- '' . "\n" . +- '' . "\n"; ++ '' . "\n" . ++ '' . "\n"; + + echo ''; + echo '' . + '' . +- '' . ++ '' . + '' +- . '' +- . '' ++ . '' ++ . '' + . "\n"; + + } +@@ -821,9 +821,9 @@ + function createWidget_Submit() { + + $result = "name\" value=\"" +- . htmlspecialchars($this->comment) ++ . sm_encode_html_special_chars($this->comment) + . "\" $this->script />" +- . htmlspecialchars($this->trailing_text) . "\n"; ++ . 
sm_encode_html_special_chars($this->trailing_text) . "\n"; + + return $result; + +@@ -953,7 +953,7 @@ + function create_hidden_element($name, $value) { + $result = ''; ++ . 'value="' . sm_encode_html_special_chars($value) . '" />'; + return ($result); + } + +--- a/functions/display_messages.php ++++ b/functions/display_messages.php +@@ -32,7 +32,7 @@ + } + + $string .= sprintf (_("Click here to return to %s"), +- htmlspecialchars(imap_utf7_decode_local($mailbox))). ++ sm_encode_html_special_chars(imap_utf7_decode_local($mailbox))). + ''; + error_box($string, $color); + } +--- a/functions/imap_search.php ++++ b/functions/imap_search.php +@@ -126,7 +126,7 @@ + if (strstr($errors,'* SEARCH')) { + return array(); + } +- echo ''; ++ echo ''; + } + + +--- a/functions/imap_messages.php ++++ b/functions/imap_messages.php +@@ -786,7 +786,7 @@ + _("ERROR: Could not complete request.") . + '
    ' . + _("Unknown response from IMAP server:") . ' 1.' . +- htmlspecialchars($read) . "
    \n"; ++ sm_encode_html_special_chars($read) . "
    \n"; + break; + } + $i = strpos($read,'(',$i_space+5); diff -Nru squirrelmail-1.4.23~svn20120406/debian/patches/php54_session_unregister squirrelmail-1.4.23~svn20120406/debian/patches/php54_session_unregister --- squirrelmail-1.4.23~svn20120406/debian/patches/php54_session_unregister 1970-01-01 00:00:00.000000000 +0000 +++ squirrelmail-1.4.23~svn20120406/debian/patches/php54_session_unregister 2012-12-20 20:06:16.000000000 +0000 @@ -0,0 +1,15 @@ +Description: PHP 5.4 removed the session_unregister function. + Replace it with the SquirrelMail-internal custom implementation. +Origin: upstream, http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14343 + +--- a/plugins/message_details/message_details_bottom.php ++++ b/plugins/message_details/message_details_bottom.php +@@ -85,7 +85,7 @@ + $messageheaderstart=false; + $boundaries = array(); + $entities = array(); +-session_unregister("entities"); ++sqsession_unregister("entities"); + $pre = ''; + $end = ''; + $entStr = ''; diff -Nru squirrelmail-1.4.23~svn20120406/debian/patches/series squirrelmail-1.4.23~svn20120406/debian/patches/series --- squirrelmail-1.4.23~svn20120406/debian/patches/series 2012-04-06 11:12:38.000000000 +0000 +++ squirrelmail-1.4.23~svn20120406/debian/patches/series 2012-12-20 19:56:44.000000000 +0000 @@ -1 +1,3 @@ debian-specifics +php54_session_unregister +php54_htmlspecialchars
    '; +--- a/functions/imap_general.php ++++ b/functions/imap_general.php +@@ -367,7 +367,7 @@ + $cmd = explode(' ',$query); + $cmd = strtolower($cmd[0]); + if ($query != '' && $cmd != 'login') { +- $string .= ("Query:") . ' '. htmlspecialchars($query) ++ $string .= ("Query:") . ' '. sm_encode_html_special_chars($query) + . '
    ' . "
    \n"; + } + error_box($string,$color); +@@ -399,9 +399,9 @@ + _("ERROR: Could not complete request.") . + "
    \n" . + _("Query:") . ' ' . +- htmlspecialchars($query) . '
    ' . ++ sm_encode_html_special_chars($query) . '
    ' . + _("Reason Given:") . ' ' . +- htmlspecialchars($message) . "
    \n"; ++ sm_encode_html_special_chars($message) . "
    \n"; + error_box($string,$color); + echo ''; + exit; +@@ -414,9 +414,9 @@ + _("ERROR: Bad or malformed request.") . + "
    \n" . + _("Query:") . ' '. +- htmlspecialchars($query) . '
    ' . ++ sm_encode_html_special_chars($query) . '
    ' . + _("Server responded:") . ' ' . +- htmlspecialchars($message) . "
    \n"; ++ sm_encode_html_special_chars($message) . "
    \n"; + error_box($string,$color); + echo ''; + exit; +@@ -427,9 +427,9 @@ + _("ERROR: IMAP server closed the connection.") . + "
    \n" . + _("Query:") . ' '. +- htmlspecialchars($query) . '
    ' . ++ sm_encode_html_special_chars($query) . '
    ' . + _("Server responded:") . ' ' . +- htmlspecialchars($message) . "
    \n"; ++ sm_encode_html_special_chars($message) . "
    \n"; + error_box($string,$color); + echo ''; + exit; +@@ -440,9 +440,9 @@ + _("ERROR: Unknown IMAP response.") . + "
    \n" . + _("Query:") . ' '. +- htmlspecialchars($query) . '
    ' . ++ sm_encode_html_special_chars($query) . '
    ' . + _("Server responded:") . ' ' . +- htmlspecialchars($message) . "
    \n"; ++ sm_encode_html_special_chars($message) . "
    \n"; + error_box($string,$color); + /* the error is displayed but because we don't know the reponse we + return the result anyway */ +@@ -653,7 +653,7 @@ + if (!$hide) { + if ($response != 'NO') { + /* "BAD" and anything else gets reported here. */ +- $message = htmlspecialchars($message); ++ $message = sm_encode_html_special_chars($message); + set_up_language($squirrelmail_language, true); + require_once(SM_PATH . 'functions/display_messages.php'); + if ($response == 'BAD') { +@@ -664,7 +664,7 @@ + if (isset($read) && is_array($read)) { + $string .= '
    ' . _("Read data:") . "
    \n"; + foreach ($read as $line) { +- $string .= htmlspecialchars($line) . "
    \n"; ++ $string .= sm_encode_html_special_chars($line) . "
    \n"; + } + } + error_box($string,$color); +--- a/functions/page_header.php ++++ b/functions/page_header.php +@@ -272,7 +272,7 @@ + + echo "\n\n"; + /** Here is the header and wrapping table **/ +- $shortBoxName = htmlspecialchars(imap_utf7_decode_local( ++ $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local( + readShortMailboxName($mailbox, $delimiter))); + if ( $shortBoxName == 'INBOX' ) { + $shortBoxName = _("INBOX"); +--- a/functions/forms.php ++++ b/functions/forms.php +@@ -23,8 +23,8 @@ + */ + function addInputField($type, $name = null, $value = null, $attributes = '') { + return '\n"; + } + +@@ -89,16 +89,16 @@ + if(count($values) == 1) { + $k = key($values); $v = array_pop($values); + return addHidden($name, ($usekeys ? $k:$v)). +- htmlspecialchars($v) . "\n"; ++ sm_encode_html_special_chars($v) . "\n"; + } + +- $ret = '\n"; + foreach ($values as $k => $v) { + if(!$usekeys) $k = $v; + $ret .= '\n"; ++ '>' . sm_encode_html_special_chars($v) ."\n"; + } + $ret .= "\n"; + +@@ -123,9 +123,9 @@ + * Textarea form element. + */ + function addTextArea($name, $text = '', $cols = 40, $rows = 10, $attr = '') { +- return '\n"; ++ $attr . '>'.sm_encode_html_special_chars($text) ."\n"; + } + + /** +@@ -156,7 +156,7 @@ + $enctype = ' enctype="'.$enctype.'"'; + } + if($charset) { +- $charset = ' accept-charset="'.htmlspecialchars($charset).'"'; ++ $charset = ' accept-charset="'.sm_encode_html_special_chars($charset).'"'; + } + + $form_string = ''; + $errormessage = _("SquirrelMail could not decode the bodystructure of the message"); + $errormessage .= '
    '._("The bodystructure provided by your IMAP server:").'

    '; +- $errormessage .= '
    ' . htmlspecialchars($read) . '
    '; ++ $errormessage .= '
    ' . sm_encode_html_special_chars($read) . '
    '; + plain_error_message( $errormessage, $color ); + echo ''; + exit; +@@ -540,7 +540,7 @@ + ''.decodeHeader($display_filename).' 
    ' . show_readable_size($header->size) . + '  [ '.htmlspecialchars($type0).'/'.htmlspecialchars($type1).' ] [ '.sm_encode_html_special_chars($type0).'/'.sm_encode_html_special_chars($type1).' ] '; + $attachments .= '' . $description . ''; + $attachments .= ' '; +@@ -671,7 +671,7 @@ + $iLastMatch = $i; + $j = $i; + if ($htmlsave) { +- $ret .= htmlspecialchars($res[1]); ++ $ret .= sm_encode_html_special_chars($res[1]); + } else { + $ret .= $res[1]; + } +@@ -696,7 +696,7 @@ + $replace = charset_decode($res[2],$replace); + } elseif ($htmlsave) { + // string is not converted, but still sanitized +- $replace = htmlspecialchars($replace); ++ $replace = sm_encode_html_special_chars($replace); + } + $ret.= $replace; + break; +@@ -712,7 +712,7 @@ + $replace = charset_decode($res[2], $replace); + } elseif ($htmlsave) { + // string is not converted, but still sanizited +- $replace = htmlspecialchars($replace); ++ $replace = sm_encode_html_special_chars($replace); + } + $ret .= $replace; + break; +@@ -731,7 +731,7 @@ + } + + if (!$encoded && $htmlsave) { +- $ret .= htmlspecialchars($chunk); ++ $ret .= sm_encode_html_special_chars($chunk); + } else { + $ret .= $chunk; + } +--- a/functions/options.php ++++ b/functions/options.php +@@ -305,7 +305,7 @@ + } + + function createWidget_Info() { +- $result = htmlspecialchars($this->value) . "\n"; ++ $result = sm_encode_html_special_chars($this->value) . "\n"; + return $result; + } + +@@ -341,9 +341,9 @@ + $result = "name\" value=\"" +- . htmlspecialchars($this->value) ++ . sm_encode_html_special_chars($this->value) + . "\" size=\"$width\" $this->script /> " +- . htmlspecialchars($this->trailing_text) . "\n"; ++ . sm_encode_html_special_chars($this->trailing_text) . "\n"; + return $result; + } + +@@ -384,14 +384,14 @@ + foreach ($this->possible_values as $real_value => $disp_value) { + $result .= "\n" . 'value ? ' checked="checked"' : '') + . ' /> '; + if ($this->size != SMOPT_SIZE_TINY) + $result .= '
    '; +@@ -437,7 +437,7 @@ + foreach ($this->possible_values as $real_value => $disp_value) { + /* Start the next new option string. */ + $new_option = '\n"; ++ $new_option .= '>' . ($this->htmlencoded ? $disp_value : sm_encode_html_special_chars($disp_value)) . "\n"; + /* And add the new option string to our select tag. */ + $result .= $new_option; + } + + /* Close the select tag and return our happy result. */ +- $result .= '' . htmlspecialchars($this->trailing_text) . "\n"; ++ $result .= '' . sm_encode_html_special_chars($this->trailing_text) . "\n"; + return $result; + } + +@@ -520,7 +520,7 @@ + + } else { + /* Start the next new option string. */ +- $new_option = '\n"; + } + /* And add the new option string to our select tag. */ + $result .= $new_option; + } + /* Close the select tag and return our happy result. */ +- $result .= '' . htmlspecialchars($this->trailing_text) . "\n"; ++ $result .= '' . sm_encode_html_special_chars($this->trailing_text) . "\n"; + return $result; + } + +@@ -560,7 +560,7 @@ + } + $result = "\n"; ++ . sm_encode_html_special_chars($this->value) . "\n"; + return ($result); + } + +@@ -628,7 +628,7 @@ + . '" id="new_' . $this->name . '" value="' . SMPREF_YES + . "\" $yes_chk " . $this->script . ' /> ' + . ''; ++ . sm_encode_html_special_chars($this->trailing_text) . ''; + } + + // radio buttons... +@@ -639,13 +639,13 @@ + $yes_option = 'script /> " +- . ''; ++ . ''; + + /* Build the no choice. */ + $no_option = 'script /> " +- . ''; ++ . ''; + + /* Build the combined "boolean widget". */ + $result = "$yes_option    $no_option"; +@@ -657,7 +657,7 @@ + + function createWidget_Hidden() { + $result = 'script . ' />'; + return ($result); + } +@@ -733,7 +733,7 @@ + + // Start the next new option string. + // +- $result .= '\n"; + + } + +@@ -783,8 +783,8 @@ + else $bgcolor = 4; + + $result .= '