X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Ffunctions.php;h=dc31759fc8479eee9c9f1b4719ba81aec2a0f2a1;hb=17b79f707a3470590e0444e86efad5d951e66696;hp=0d11b7f068a7c2b06f0409adfcabe0e0710e16aa;hpb=aaf81b8f35512782d34f78c1a0dac8b42d745393;p=mailer.git
diff --git a/inc/functions.php b/inc/functions.php
index 0d11b7f068..dc31759fc8 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -184,7 +184,7 @@ function compileFinalOutput () {
 // Output the raw HTML code
 function outputRawCode ($htmlCode) {
 // Output stripped HTML code to avoid broken JavaScript code, etc.
- print($htmlCode);
+ print(str_replace('{BACK}', "\\", $htmlCode));
 // Flush the output if only getPhpCaching() is not 'on'
 if (getPhpCaching() != 'on') {
@@ -288,20 +288,20 @@ function loadTemplate ($template, $return = false, $content = array()) {
 // Normal HTML output?
 if (getOutputMode() == '0') {
 // Add surrounding HTML comments to help finding bugs faster
- $ret = "\n" . $GLOBALS['tpl_content'] . "\n";
+ $ret = '\n" . $GLOBALS['tpl_content'] . '\n";
 // Prepare eval() command
 $eval = '$ret = "' . compileCode(escapeQuotes($ret)) . '";';
 } elseif (substr($template, 0, 3) == 'js_') {
 // JavaScripts don't like entities and timings
- $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");';
+ $eval = '$ret = decodeEntities("' . compileRawCode(escapeJavaScriptQuotes($GLOBALS['tpl_content'])) . '");';
 } else {
- // Prepare eval() command
- $eval = '$ret = "' . compileCode(escapeQuotes($GLOBALS['tpl_content'])) . '";';
+ // Prepare eval() command, other output doesn't like entities, maybe
+ $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");';
 }
 } else {
 // Add surrounding HTML comments to help finding bugs faster
- $ret = "\n" . $GLOBALS['tpl_content'] . "\n";
+ $ret = '\n" . $GLOBALS['tpl_content'] . '\n";
 $eval = '$ret = "' . escapeQuotes($ret) . '";';
 } // END - if
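Review bot: `{BACK}` is an in-band placeholder, and the changed `print()` in outputRawCode() now rewrites it in everything that is output, not only in text produced from `js_` templates. Any content that happens to contain the literal token, including values that came from users or the database, is emitted with a backslash in its place, which can change how a surrounding JavaScript string is parsed. I would restore the backslash where the `js_` template result is produced rather than at the global output stage, or at minimum reserve the token explicitly with `// {BACK} is reserved by escapeJavaScriptQuotes() and must not occur in content`. The body of outputRawCode() continues outside the hunk.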
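Review bot: All three `$eval` assignments in loadTemplate() build PHP source from `$GLOBALS['tpl_content']` for eval(), so `escapeQuotes()` and `escapeJavaScriptQuotes()` are the only barrier between template content and code execution; the same pattern is touched for `$subject`, `$toEmail` and `$message` in the sendEmail() hunks at -529 and -575. Neither helper escapes `$` or `{`, so anything that reaches these strings unfiltered is interpolated as PHP, and whether callers filter first is not visible here. The fallback `else` branch also switches to `decodeEntities()` with a comment that ends in "maybe", which would turn HTML-encoded values back into markup if that output mode is ever rendered by a browser. I would add `// SECURITY: content is evaluated as PHP, never pass unfiltered request data` above each eval string and keep `compileCode()` in the fallback branch until the affected output mode is identified. loadTemplate() starts and ends outside the hunk.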
@@ -529,7 +529,7 @@ function sendEmail ($toEmail, $subject, $message, $isHtml = 'N', $mailHeader = '
 //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):TO={$toEmail},SUBJECT={$subject}
");
 // Compile subject line (for POINTS constant etc.)
- eval("\$subject = decodeEntities(\"".compileRawCode(escapeQuotes($subject))."\");");
+ eval("\$subject = decodeEntities(\"".compileCode(escapeQuotes($subject))."\");");
 // Set from header
 if ((!eregi('@', $toEmail)) && ($toEmail > 0)) {
@@ -575,10 +575,10 @@ function sendEmail ($toEmail, $subject, $message, $isHtml = 'N', $mailHeader = '
 }
 // Compile "TO"
- eval("\$toEmail = \"".compileRawCode(escapeQuotes($toEmail))."\";");
+ eval("\$toEmail = \"".compileCode(escapeQuotes($toEmail))."\";");
 // Compile "MSG"
- eval("\$message = \"".compileRawCode(escapeQuotes($message))."\";");
+ eval("\$message = \"".compileCode(escapeQuotes($message))."\";");
 // Fix HTML parameter (default is no!)
 if (empty($isHtml)) $isHtml = 'N';
@@ -1076,13 +1076,13 @@ function compileRawCode ($code, $simple = false, $constants = true, $full = true
 // Replace it in the code
 //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):key={$key},match={$match}
");
 $newMatch = str_replace('[', "['", str_replace(']', "']", $match));
- $code = str_replace($match, "\"." . $newMatch.".\"", $code);
+ $code = str_replace($match, '".' . $newMatch . '."', $code);
 $matchesFound[$key . '_' . $matches[4][$key]] = 1;
 $matchesFound[$match] = 1;
 } elseif (!isset($matchesFound[$match])) {
 // Not yet replaced!
 //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):match={$match}
");
- $code = str_replace($match, "\"." . $match.".\"", $code);
+ $code = str_replace($match, '".' . $match . '."', $code);
 $matchesFound[$match] = 1;
 }
 } // END - foreach
@@ -3565,7 +3565,7 @@ function linenumberCode ($code) {
 $r .= '|';
 // Add code
- $r .= '' . secureString($c) . '';
+ $r .= '' . htmlentities($c) . '';
 }
 return '
' . $r . '
';
@@ -3684,14 +3684,23 @@ function escapeQuotes ($str, $single = false) {
 // Escape all (including null)
 $str = addslashes($str);
 } else {
- // Escape only double-quotes
- $str = str_replace('"', "\\\"", $str);
+ // Escape only double-quotes but prevent double-quoting
+ $str = str_replace("\\\\", "\\", str_replace('"', "\\\"", $str));
 }
 // Return the escaped string
 return $str;
 }
+// Escapes the JavaScript code, prevents \r and \n becoming char 10/13
+function escapeJavaScriptQuotes ($str) {
+ // Replace all double-quotes and secure back-ticks
+ $str = str_replace('"', '\"', str_replace("\\", '{BACK}', $str));
+
+ // Return it
+ return $str;
+}
+
 //////////////////////////////////////////////////
 // AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS //
 //////////////////////////////////////////////////
@@ -3707,7 +3716,7 @@ if (!function_exists('html_entity_decode')) {
 if (!function_exists('http_build_query')) {
 // Taken from documentation on www.php.net, credits to Marco K. (Germany)
- function http_build_query($data, $prefix='', $sep='', $key='') {
+ function http_build_query($data, $prefix = '', $sep = '', $key = '') {
 $ret = array();
 foreach ((array)$data as $k => $v) {
 if (is_int($k) && $prefix != null) {
@@ -3727,7 +3736,7 @@ if (!function_exists('http_build_query')) {
 return implode($sep, $ret);
 }
-}// // END - if
+} // END - if
 // [EOF]
 ?>
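Review bot: `htmlentities($c)` in linenumberCode() is called with default flags and default charset, so what it encodes depends on the PHP version the site runs on; on older versions single quotes are left unencoded and the input is read in the runtime's default encoding. This function prints source text, so a charset mismatch can mangle or drop lines that contain non-ASCII bytes, and the unencoded quote matters if the surrounding markup ever places the value inside an attribute. Pass both explicitly, `htmlentities($c, ENT_QUOTES, 'UTF-8')`, using the charset the pages are actually served in, which is not visible in this hunk. linenumberCode() begins above the hunk.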
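Review bot: Collapsing double backslashes after the quotes have been escaped leaves a double quote unescaped when the input already has two backslashes directly in front of it: the first pair is folded into one, and the result is an escaped backslash followed by a bare quote. escapeQuotes() output is spliced into double-quoted PHP literals that loadTemplate() and sendEmail() pass to eval(), so a bare quote ends the literal early. The outer replace also rewrites every other double backslash in the string, which has nothing to do with quoting. I would escape the backslash first and the quote second, `$str = str_replace('"', '\\"', str_replace('\\', '\\\\', $str));`, and fix double escaping at the caller that passes pre-escaped text. escapeQuotes() starts above the hunk.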