From 667e38ff0c42e6ed30f706ac3f25b2eea162e70a Mon Sep 17 00:00:00 2001
From: Francis Lachapelle
Date: Thu, 11 Jun 2015 13:14:19 -0400
Subject: [PATCH] (fix) Escaping of unexpected characters in emails

Properly encode characters in DOM attributes.
Fixes #3241
---
 UI/Contacts/UIxContactView.m | 39 +++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/UI/Contacts/UIxContactView.m b/UI/Contacts/UIxContactView.m
index 259a518e9..4a4541794 100644
--- a/UI/Contacts/UIxContactView.m
+++ b/UI/Contacts/UIxContactView.m
@@ -1,6 +1,6 @@
 /*
 Copyright (C) 2004 SKYRIX Software AG
- Copyright (C) 2005-2014 Inverse inc.
+ Copyright (C) 2005-2015 Inverse inc.
 This file is part of SOGo.
@@ -138,9 +138,13 @@
 if ([email length] > 0)
 {
 fn = [card fn];
- fn = [fn stringByReplacingString: @"\"" withString: @""];
- fn = [fn stringByReplacingString: @"'" withString: @"\\\'"];
- attrs = [NSString stringWithFormat: @"onclick=\"return openMailTo('%@ <%@>');\"", fn, email];
+ if ([fn length] > 0)
+ attrs = [NSString stringWithFormat: @"%@ <%@>", fn, email];
+ else
+ attrs = email;
+ attrs = [attrs stringByReplacingString: @"'" withString: @"\\'"];
+ attrs = [attrs stringByReplacingString: @"\"" withString: @"\\\""];
+ attrs = [NSString stringWithFormat: @"onclick=\"return openMailTo('%@');\"", attrs];
 }
 else
 {
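Review bot: The escaping added ahead of the `onclick` format string covers only the JavaScript string literal, and not completely, while the value ends up inside a double-quoted HTML attribute. A `"` rewritten as `\"` still closes the attribute for the HTML parser (the old code at least removed `"` from `fn`), a backslash already present in `fn` or `email` is not doubled and so cancels the `\'` added after it, and character references are decoded by the browser before the handler runs. I would escape in two layers, backslash then `'` for the JavaScript literal, followed by `&`, `"`, `<` and `>` as entities for the attribute. Whether `_cardStringWithLabel:…withLinkAttributes:` already HTML-encodes `attrs` is not visible here and should be confirmed first to avoid double encoding. The same lines are repeated in the `@@ -181,16 +185,23 @@` hunk and need the same change; the enclosing method starts and ends outside both hunks.

```objc
/* … unchanged: attrs built from fn and email … */
/* JavaScript string literal: backslash first, then the delimiting quote */
attrs = [attrs stringByReplacingString: @"\\" withString: @"\\\\"];
attrs = [attrs stringByReplacingString: @"'" withString: @"\\'"];
/* HTML attribute value: '&' first so the entities added below are not re-encoded */
attrs = [attrs stringByReplacingString: @"&" withString: @"&amp;"];
attrs = [attrs stringByReplacingString: @"\"" withString: @"&quot;"];
attrs = [attrs stringByReplacingString: @"<" withString: @"&lt;"];
attrs = [attrs stringByReplacingString: @">" withString: @"&gt;"];
attrs = [NSString stringWithFormat: @"onclick=\"return openMailTo('%@');\"", attrs];
```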
@@ -181,16 +185,23 @@
 for (i = 0; i < [emails count]; i++)
 {
 email = [[emails objectAtIndex: i] flattenedValuesForKey: @""];
- fn = [card fn];
- fn = [fn stringByReplacingString: @"\"" withString: @""];
- fn = [fn stringByReplacingString: @"'" withString: @"\\\'"];
- attrs = [NSString stringWithFormat: @"onclick=\"return openMailTo('%@ <%@>');\"", fn, email];
-
- [secondaryEmails addObject: [self _cardStringWithLabel: nil
- value: email
- byEscapingHTMLString: YES
- asLinkScheme: @"mailto:"
- withLinkAttributes: attrs]];
+ if ([email length])
+ {
+ fn = [card fn];
+ if ([fn length])
+ attrs = [NSString stringWithFormat: @"%@ <%@>", fn, email];
+ else
+ attrs = email;
+ attrs = [attrs stringByReplacingString: @"'" withString: @"\\'"];
+ attrs = [attrs stringByReplacingString: @"\"" withString: @"\\\""];
+ attrs = [NSString stringWithFormat: @"onclick=\"return openMailTo('%@');\"", attrs];
+
+ [secondaryEmails addObject: [self _cardStringWithLabel: nil
+ value: email
+ byEscapingHTMLString: YES
+ asLinkScheme: @"mailto:"
+ withLinkAttributes: attrs]];
+ }
 }
 }
 else
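Review bot: The lines that build and escape `attrs` for the secondary e-mails are a copy of the block in the `@@ -138,9 +138,13 @@` hunk, differing only in `[fn length]` versus `[fn length] > 0`. Security-sensitive encoding that exists twice tends to get corrected in one place only. I would move it into a single private method, for example `- (NSString *) _mailToAttributesForName: (NSString *) fn email: (NSString *) email` (the name is a suggestion), and call it from both sites. That method should carry a comment naming the contexts it encodes for, such as `/* Returns an onclick attribute; the value is escaped for a JS string literal inside an HTML attribute. */`. The enclosing method continues outside the hunk.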