This repository has been archived by the owner on Sep 10, 2021. It is now read-only.

Escape variables in mail module
Jamie Snape committed Dec 8, 2014
1 parent 9148049 commit d249394
Showing 1 changed file with 6 additions and 6 deletions.
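--- a/modules/mail/Notification.php
+++ b/modules/mail/Notification.php
@@ -80,30 +80,30 @@ protected function handleSendMailMessage($params)
 }
 
 $mail = new Midas_Mail();
-$mail->setFrom($this->Setting->getValueByName(MAIL_FROM_ADDRESS_KEY, $this->moduleName));
+$mail->setFrom(htmlspecialchars($this->Setting->getValueByName(MAIL_FROM_ADDRESS_KEY, $this->moduleName), ENT_QUOTES, 'UTF-8'));
 
 if (isset($params['bcc'])) {
-$mail->addBcc($params['bcc']);
+$mail->addBcc(htmlspecialchars($params['bcc'], ENT_QUOTES, 'UTF-8'));
 }
 
 if (isset($params['cc'])) {
-$mail->addCc($params['cc']);
+$mail->addCc(htmlspecialchars($params['cc'], ENT_QUOTES, 'UTF-8'));
 }
 
 if (isset($params['html'])) {
 $mail->setBodyHtml($params['html']);
 }
 
 if (isset($params['subject'])) {
-$mail->setSubject($params['subject']);
+$mail->setSubject(htmlspecialchars($params['subject'], ENT_QUOTES, 'UTF-8'));
 }
 
 if (isset($params['text'])) {
-$mail->setBodyText($params['text']);
+$mail->setBodyText(htmlspecialchars($params['text'], ENT_QUOTES, 'UTF-8'));
 }
 
 if (isset($params['to'])) {
-$mail->addTo($params['to']);
+$mail->addTo(htmlspecialchars($params['to'], ENT_QUOTES, 'UTF-8'));
 }
 
 try {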
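Review bot: `htmlspecialchars()` is the wrong encoder for every value it wraps in this hunk, because From, Bcc, Cc, To and Subject are mail headers and `setBodyText()` is a plain-text part, so none of them is an HTML context. The effect is corrupted mail (an `&` in a subject or text body arrives as `&amp;`, an apostrophe as `&#039;`), while CR/LF, the characters that matter for header integrity, pass through unchanged unless Midas_Mail filters them itself, which is not visible here. The only HTML sink, `setBodyHtml($params['html'])`, is left as it was, so any value interpolated into that markup still has to be escaped where the markup is built. I would drop the six calls and validate per context instead, rejecting the message when `filter_var($params['to'], FILTER_VALIDATE_EMAIL) === false` (same for cc and bcc) and passing `str_replace(array("\r", "\n"), '', $params['subject'])` to `setSubject()`; the body of handleSendMailMessage starts and ends outside the hunk.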
