From 472a99ff00da3e935564a4fb98ed3fc187c5421d Mon Sep 17 00:00:00 2001
From: emericklaw
Date: Fri, 3 May 2019 13:31:10 +0100
Subject: [PATCH 1/2] Handle mobileconfig display names with special characters

If the account display name contained special characters like & the mobileconfig would fail to import on the iOS device.
---
 data/web/mobileconfig.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/mobileconfig.php b/data/web/mobileconfig.php
index ade4f606..abdf2cb8 100644
--- a/data/web/mobileconfig.php
+++ b/data/web/mobileconfig.php
@@ -22,7 +22,7 @@ try {
 $stmt = $pdo->prepare("SELECT `name` FROM `mailbox` WHERE `username`= :username");
 $stmt->execute(array(':username' => $email));
 $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
- $displayname = empty($MailboxData['name']) ? $email : $MailboxData['name'];
+ $displayname = htmlspecialchars(empty($MailboxData['name']) ? $email : $MailboxData['name']);
 }
 catch(PDOException $e) {
 $displayname = $email;

From 12d46cf072875a7703681765db3c092f951edd3e Mon Sep 17 00:00:00 2001
From: emericklaw
Date: Fri, 3 May 2019 17:54:33 +0100
Subject: [PATCH 2/2] Updated to not convert quotes

I missed using ENT_NOQUOTES since XML only needs & and <> to be replaced in tags, spotted by @mkuron
---
 data/web/mobileconfig.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/mobileconfig.php b/data/web/mobileconfig.php
index abdf2cb8..38b249c6 100644
--- a/data/web/mobileconfig.php
+++ b/data/web/mobileconfig.php
@@ -22,7 +22,7 @@ try {
 $stmt = $pdo->prepare("SELECT `name` FROM `mailbox` WHERE `username`= :username");
 $stmt->execute(array(':username' => $email));
 $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
- $displayname = htmlspecialchars(empty($MailboxData['name']) ? $email : $MailboxData['name']);
+ $displayname = htmlspecialchars(empty($MailboxData['name']) ? $email : $MailboxData['name'], ENT_NOQUOTES);
 }
 catch(PDOException $e) {
 $displayname = $email;
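Review bot: The `catch(PDOException $e)` fallback `$displayname = $email;` in the PATCH 1/2 hunk (left the same in PATCH 2/2) still assigns the raw address, so the value is XML-escaped only when the query succeeds. If `$email` can contain `&` or `<`, the generated profile would be malformed on exactly the database-error path, which is the hardest one to notice in testing. Escaping once after the try/catch keeps both paths consistent: leave the try branch as the plain ternary and add `$displayname = htmlspecialchars($displayname, ENT_NOQUOTES);` after the catch block. The catch block closes outside the hunk, and the place where `$displayname` is written into the profile is not visible here, so this assumes no later escaping happens at output.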
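Review bot: Passing `ENT_NOQUOTES` alone on the added line of the PATCH 2/2 hunk keeps the default HTML 4.01 document type and leaves out `ENT_SUBSTITUTE`, so a mailbox name containing an invalid UTF-8 sequence makes `htmlspecialchars()` return an empty string, and the outcome also depends on the server's `default_charset`. For XML output I would spell the contract out: `htmlspecialchars($name, ENT_NOQUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')`, where `$name` stands for the existing ternary. Leaving quotes unescaped is only safe while the value lands in element content, so a comment such as `// element content only: quotes stay raw, do not reuse this value in an XML attribute` would keep that assumption visible to the next editor.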