diff options
Diffstat (limited to 'vendor/smarty/smarty/libs/plugins/function.mailto.php')
-rw-r--r-- | vendor/smarty/smarty/libs/plugins/function.mailto.php | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/vendor/smarty/smarty/libs/plugins/function.mailto.php b/vendor/smarty/smarty/libs/plugins/function.mailto.php index 834d0535a..671ac0694 100644 --- a/vendor/smarty/smarty/libs/plugins/function.mailto.php +++ b/vendor/smarty/smarty/libs/plugins/function.mailto.php @@ -48,8 +48,13 @@ */ function smarty_function_mailto($params) { - static $_allowed_encoding = - array('javascript' => true, 'javascript_charcode' => true, 'hex' => true, 'none' => true); + static $_allowed_encoding = [ + 'javascript' => true, + 'javascript_charcode' => true, + 'hex' => true, + 'none' => true + ]; + $extra = ''; if (empty($params[ 'address' ])) { trigger_error("mailto: missing 'address' parameter", E_USER_WARNING); @@ -57,19 +62,19 @@ function smarty_function_mailto($params) } else { $address = $params[ 'address' ]; } + $text = $address; + // netscape and mozilla do not decode %40 (@) in BCC field (bug?) // so, don't encode it. - $search = array('%40', '%2C'); - $replace = array('@', ','); - $mail_parms = array(); + $mail_parms = []; foreach ($params as $var => $value) { switch ($var) { case 'cc': case 'bcc': case 'followupto': if (!empty($value)) { - $mail_parms[] = $var . '=' . str_replace($search, $replace, rawurlencode($value)); + $mail_parms[] = $var . '=' . str_replace(['%40', '%2C'], ['@', ','], rawurlencode($value)); } break; case 'subject': @@ -83,6 +88,7 @@ function smarty_function_mailto($params) default: } } + if ($mail_parms) { $address .= '?' . join('&', $mail_parms); } @@ -94,19 +100,21 @@ function smarty_function_mailto($params) ); return; } + + $string = '<a href="mailto:' . htmlspecialchars($address, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) . + '" ' . $extra . '>' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) . '</a>'; + if ($encode === 'javascript') { - $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; $js_encode = ''; for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { $js_encode .= '%' . bin2hex($string[ $x ]); } return '<script type="text/javascript">document.write(unescape(\'' . $js_encode . '\'))</script>'; } elseif ($encode === 'javascript_charcode') { - $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { $ord[] = ord($string[ $x ]); } - return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>'; + return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>'; } elseif ($encode === 'hex') { preg_match('!^(.*)(\?.*)$!', $address, $match); if (!empty($match[ 2 ])) { @@ -129,6 +137,6 @@ function smarty_function_mailto($params) return '<a href="' . $mailto . $address_encode . '" ' . $extra . '>' . $text_encode . '</a>'; } else { // no encoding - return '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; + return $string; } } |