From f4aa091b80e36522706832adafe7264d7796dd7b Mon Sep 17 00:00:00 2001
From: Antonin <zepcome@gmail.com>
Date: Mon, 2 May 2016 17:44:14 +0200
Subject: [PATCH] Adapting html escape for emails

---
 app/classes/Framadate/Utils.php |  4 ++++
 create_classic_poll.php         | 13 +++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php
index 50d117cb..f7003ba4 100644
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
@@ -190,6 +190,10 @@ class Utils {
         return htmlentities($html, ENT_HTML5 | ENT_QUOTES);
     }
 
+    public static function htmlMailEscape($html) {
+        return htmlspecialchars($html, ENT_HTML5 | ENT_QUOTES, 'UTF-8');
+    }
+
     public static function csvEscape($text) {
         $escaped = str_replace('"', '""', $text);
         $escaped = str_replace("\r\n", '', $escaped);
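Review bot: The new `htmlMailEscape` has no docblock saying why mail bodies need a different escaper from `htmlEscape` just above it, and the difference is easy to miss: the older helper calls `htmlentities` with no charset argument, the new one calls `htmlspecialchars` with an explicit `'UTF-8'`. A short comment such as `/** Escapes text for HTML mail bodies: only the HTML special characters are converted, and input is treated as UTF-8. */` would keep a later cleanup from merging the two. Separately, with an explicit charset `htmlspecialchars` returns an empty string when the input is not valid UTF-8, so a poll title or admin name with a malformed byte sequence would disappear from the mail; adding `ENT_SUBSTITUTE` to the flags (`ENT_HTML5 | ENT_QUOTES | ENT_SUBSTITUTE`) keeps the rest of the text. The enclosing class and the body of `csvEscape` continue outside the hunk.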
diff --git a/create_classic_poll.php b/create_classic_poll.php
index 5ae301e5..9a15a83d 100644
--- a/create_classic_poll.php
+++ b/create_classic_poll.php
@@ -100,18 +100,15 @@ if (empty($_SESSION['form']->title) || empty($_SESSION['form']->admin_name) || (
         if ($config['use_smtp'] === true) {
             $message = __('Mail', "This is the message you have to send to the people you want to poll. \nNow, you have to send this message to everyone you want to poll.");
             $message .= '<br/><br/>';
-            $message .= Utils::htmlEscape($_SESSION['form']->admin_name) . ' ' . __('Mail', 'hast just created a poll called') . ' : "' . Utils::htmlEscape($_SESSION['form']->title) . '".<br/>';
-            $message .= __('Mail', 'Thanks for filling the poll at the link above') . ' :<br/><br/><a href="%1$s">%1$s</a>';
+            $message .= Utils::htmlMailEscape($_SESSION['form']->admin_name) . ' ' . __('Mail', 'hast just created a poll called') . ' : "' . Utils::htmlMailEscape($_SESSION['form']->title) . '".<br/>';
+            $message .= sprintf(__('Mail', 'Thanks for filling the poll at the link above') . ' :<br/><br/><a href="%1$s">%1$s</a>', Utils::getUrlSondage($poll_id));
 
             $message_admin = __('Mail', "This message should NOT be sent to the polled people. It is private for the poll's creator.\n\nYou can now modify it at the link above");
-            $message_admin .= ' :<br/><br/><a href="%1$s">%1$s</a>';
-
-            $message = sprintf($message, Utils::getUrlSondage($poll_id));
-            $message_admin = sprintf($message_admin, Utils::getUrlSondage($admin_poll_id, true));
+            $message_admin .= sprintf(' :<br/><br/><a href="%1$s">%1$s</a>', Utils::getUrlSondage($admin_poll_id, true));
 
             if ($mailService->isValidEmail($_SESSION['form']->admin_mail)) {
-                $mailService->send($_SESSION['form']->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'Author\'s message') . '] ' . __('Generic', 'Poll') . ': ' . Utils::htmlEscape($_SESSION['form']->title), $message_admin);
-                $mailService->send($_SESSION['form']->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'For sending to the polled users') . '] ' . __('Generic', 'Poll') . ': ' . Utils::htmlEscape($_SESSION['form']->title), $message);
+                $mailService->send($_SESSION['form']->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'Author\'s message') . '] ' . __('Generic', 'Poll') . ': ' . $_SESSION['form']->title, $message_admin);
+                $mailService->send($_SESSION['form']->admin_mail, '[' . NOMAPPLICATION . '][' . __('Mail', 'For sending to the polled users') . '] ' . __('Generic', 'Poll') . ': ' . $_SESSION['form']->title, $message);
             }
         }
 
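Review bot: The two `$mailService->send(...)` calls now place `$_SESSION['form']->title` in the subject with no processing at all; dropping HTML escaping is correct for a plain-text header, but nothing visible in this hunk removes CR/LF from the user-supplied title before it reaches a mail header. `send()` is not shown here, so please confirm it strips or encodes line breaks in the subject, or normalise at the call site, e.g. `$subject_title = str_replace(["\r", "\n"], ' ', $_SESSION['form']->title);`. Also, the recipient-link line still passes the translated string through `sprintf` as part of the format, so a translation containing a literal `%` would be misread; formatting only the fixed `' :<br/><br/><a href="%1$s">%1$s</a>'` part, as the admin line already does, avoids that. The surrounding `if` block starts and ends outside the hunk.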
-- 
GitLab