diff --git a/gulliver/js/ext/min/ext-all.js b/gulliver/js/ext/min/ext-all.js index df4d5cb75..201d51449 100644 --- a/gulliver/js/ext/min/ext-all.js +++ b/gulliver/js/ext/min/ext-all.js @@ -13,6 +13,7 @@ this.warning=function(title,msg,fn){Ext.MessageBox.show({id:'warningMessageBox', this.error=function(title,msg,fn){Ext.MessageBox.show({id:'errorMessageBox',title:title,msg:msg,buttons:Ext.MessageBox.OK,animEl:'mb9',fn:fn!=undefined?fn:function(){},icon:Ext.MessageBox.ERROR});} this.notify=function(title,msg,type,time) {Ext.msgBoxSlider.msg(title,msg,type,time);} +this.escapeHtml=function(v){var pre=document.createElement('pre');var text=document.createTextNode(v);pre.appendChild(text);return pre.innerHTML;} this.getBrowser=function(){var browsersList=["opera","msie","firefox","chrome","safari","trident"],browserMeta=navigator.userAgent.toLowerCase(),name='Unknown',version='',screen={width:Ext.getBody().getViewSize().width,height:Ext.getBody().getViewSize().height};for(var i=0;i"+v+"";},align:"right"},{width:valueColumnWidth,dataIndex:"value",renderer:function(v){return""+v+"";}},{hidden:true,dataIndex:"section"}],autoHeight:true,columnLines:true,trackMouseOver:false,disableSelection:true,view:new Ext.grid.GroupingView({forceFit:true,headersDisabled:true,groupTextTpl:'{group}'}),loadMask:true});};this.cookie={create:function(name,value,days){if(days){var date=new Date();date.setTime(date.getTime()+(days*24*60*60*1000));var expires="; expires="+date.toGMTString();}else var expires="";document.cookie=name+"="+value+expires+"; path=/";},read:function(name){var nameEQ=name+"=";var ca=document.cookie.split(';');for(var i=0;ifileData['to']); $textcc = ''; 
@@ -399,10 +400,15 @@ class SpoolRun $this->fileData['envelope_to'][] = "$val"; } } + } elseif ($text != '') { $this->fileData['envelope_to'][] = "$text"; } else { - $this->fileData['envelope_to'] = Array(); + $this->fileData['envelope_to'] = []; + } + + if (empty($this->fileData['envelope_to'])){ + $this->updateSpoolError('Invalid address: ' . $text); } //CC @@ -417,7 +423,7 @@ class SpoolRun } elseif ($textcc != '') { $this->fileData['envelope_cc'][] = "$textcc"; } else { - $this->fileData['envelope_cc'] = Array(); + $this->fileData['envelope_cc'] = []; } //BCC @@ -432,7 +438,7 @@ class SpoolRun } elseif ($textbcc != '') { $this->fileData['envelope_bcc'][] = "$textbcc"; } else { - $this->fileData['envelope_bcc'] = Array(); + $this->fileData['envelope_bcc'] = []; } } 
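Review bot: The new guard after the To parsing only fires when `envelope_to` ends up empty, so the 'Invalid address' error never covers a non-empty but malformed recipient: the `elseif ($text != '')` branch still appends `$text` without any check. The guard also only calls `updateSpoolError()` and then falls through to the CC and BCC parsing; the function starts and ends outside this hunk, so whether the message is skipped later is not visible here. If processing is meant to stop at this point, an explicit `return;` after the `updateSpoolError()` call would state that. Because `$text` is recipient data copied verbatim into the stored error string, any view that displays spool errors has to HTML-escape it.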
@@ -520,36 +526,66 @@ class SpoolRun } } //To - foreach ($this->fileData['envelope_to'] as $sEmail) { - if (strpos($sEmail, '<') !== false) { - preg_match($this->longMailEreg, $sEmail, $matches); - $sTo = trim($matches[3]); - $sToName = trim($matches[1]); - $phpMailer->AddAddress($sTo, $sToName); + foreach ($this->fileData['envelope_to'] as $email) { + if (strpos($email, '<') !== false) { + preg_match($this->longMailEreg, $email, $matches); + $toAddress = ''; + if (!empty($matches[3])) { + $toAddress = trim($matches[3]); + } + $toName = ''; + if (!empty($matches[1])) { + $toName = trim($matches[1]); + } + if (!empty($toAddress)) { + $phpMailer->AddAddress($toAddress, $toName); + } else { + throw new Exception('Invalid address: ' . $email); + } } else { - $phpMailer->AddAddress($sEmail); + $phpMailer->AddAddress($email); } } //CC - foreach ($this->fileData['envelope_cc'] as $sEmail) { - if (strpos($sEmail, '<') !== false) { - preg_match($this->longMailEreg, $sEmail, $matches); - $sTo = trim($matches[3]); - $sToName = trim($matches[1]); - $phpMailer->AddCC($sTo, $sToName); + foreach ($this->fileData['envelope_cc'] as $email) { + if (strpos($email, '<') !== false) { + preg_match($this->longMailEreg, $email, $matches); + $ccAddress = ''; + if (!empty($matches[3])) { + $ccAddress = trim($matches[3]); + } + $ccName = ''; + if (!empty($matches[1])) { + $ccName = trim($matches[1]); + } + if (!empty($ccAddress)) { + $phpMailer->AddCC($ccAddress, $ccName); + } else { + throw new Exception('Invalid address: ' . 
$email); + } } else { - $phpMailer->AddCC($sEmail); + $phpMailer->AddCC($email); } } //BCC - foreach ($this->fileData['envelope_bcc'] as $sEmail) { - if (strpos($sEmail, '<') !== false) { - preg_match($this->longMailEreg, $sEmail, $matches); - $sTo = trim($matches[3]); - $sToName = trim($matches[1]); - $phpMailer->AddBCC($sTo, $sToName); + foreach ($this->fileData['envelope_bcc'] as $email) { + if (strpos($email, '<') !== false) { + preg_match($this->longMailEreg, $email, $matches); + $bccAddress = ''; + if (!empty($matches[3])) { + $bccAddress = trim($matches[3]); + } + $bccName = ''; + if (!empty($matches[1])) { + $bccName = trim($matches[1]); + } + if (!empty($bccAddress)) { + $phpMailer->AddBCC($bccAddress, $bccName); + } else { + throw new Exception('Invalid address: ' . $email); + } } else { - $phpMailer->AddBCC($sEmail); + $phpMailer->AddBCC($email); } } //IsHtml diff --git a/workflow/engine/methods/mails/emailsAjax.php b/workflow/engine/methods/mails/emailsAjax.php index f8fb1adf3..903c1275e 100644 --- a/workflow/engine/methods/mails/emailsAjax.php +++ b/workflow/engine/methods/mails/emailsAjax.php @@ -130,7 +130,6 @@ switch ($req) { $tasTitleDefault = G::LoadTranslation('ID_TASK_NOT_RELATED'); while ($result->next()) { $row = $result->getRow(); - $row['APP_MSG_FROM'] = htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8"); $row['APP_MSG_STATUS'] = ucfirst($row['APP_MSG_STATUS']); switch ($filterBy) { diff --git a/workflow/engine/templates/mails/emailList.js b/workflow/engine/templates/mails/emailList.js index 2b91ac7db..fe9f76865 100644 --- a/workflow/engine/templates/mails/emailList.js +++ b/workflow/engine/templates/mails/emailList.js @@ -44,7 +44,8 @@ Ext.onReady(function(){ } } metadata.attr = 'ext:qtip="' + data + '" style="'+ style +' white-space: normal; "'; - return data; + + return PMExt.escapeHtml(data); }; var dateFrom = new Ext.form.DateField({
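Review bot: Only the `Name <address>` branch of the To, CC and BCC loops gets the new validation; the plain branch still calls `$phpMailer->AddAddress($email)` (and `AddCC`/`AddBCC`) and ignores the result, so a malformed bare address is treated differently from a malformed bracketed one. PHPMailer's add-recipient methods report a rejected address through their boolean return value unless exceptions are enabled, so the plain branch could read `if (!$phpMailer->AddAddress($email)) { throw new Exception('Invalid address: ' . $email); }`. The three loops are now identical apart from the method they call, so one private helper taking the envelope list and the method name would remove the triplication. The exception text carries the raw recipient string, so whatever displays it should escape it; the enclosing function starts and ends outside this hunk.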
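Review bot: The return value is now escaped, but the context line just above still concatenates the raw `data` into `metadata.attr = 'ext:qtip="' + data + '" ...'`, and this commit removes the server-side `htmlentities(..., ENT_QUOTES, "UTF-8")` on `APP_MSG_FROM` in emailsAjax.php, so if this renderer serves that column a double quote in the value can now break out of the attribute. `PMExt.escapeHtml` as added in ext-all.js serialises a text node through `innerHTML`, which encodes `&`, `<` and `>` but not quotes, so it is not sufficient for attribute context on its own. The attribute value needs quote encoding as well, for example `Ext.util.Format.htmlEncode(data)`, and because the quick tip presumably renders its text as HTML, it should be confirmed whether a second level of encoding is required there. The renderer starts outside this hunk, so which columns use it is not visible here.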