$start = $end+1;
$end = mime_match_parenthesis ($start, $structure);
/* add "forgotten" parent entities (alternative and relative) */
- if (strpos($ent_id, '0') || strpos($ent_id) == 0) {
+ if (strpos($ent_id, '0') || strpos($ent_id, '0') == 0) {
$str = substr($structure, $end+1 );
$startprop = strrpos($str,'(');
$endprop = strrpos($str,')');
$header = $message->header;
$type0 = strtolower($header->type0);
$type1 = strtolower($header->type1);
- $name = decodeHeader($header->name);
-
+ $name = '';
+ if (isset($header->name)) {
+ $name = decodeHeader($header->name);
+ }
if ($type0 =='message' && $type1 == 'rfc822') {
$filename = decodeHeader($message->header->filename);
$pos = $i + 1;
$tag = '';
while ($body{$pos} == ' ' || $body{$pos} == "\t" ||
- $body{$pos} == "\n" ) {
+ $body{$pos} == "\n") {
$pos ++;
}
while (strlen($tag) < 4 && $body{$pos} != ' ' &&
$body{$pos} != "\t" && $body{$pos} != "\n" &&
$pos < $j ) {
+ if ($body{$pos} == "<"){
+ $tag = '';
+ $pos++;
+ }
$tag .= $body{$pos};
$pos ++;
}
while ( $body{$i} <> '>' &&
$i < $j ) {
+ /**
+ * [ 545933 ] Cross-site scripting vulnerability
+ * <hr>
+ * <img x="<foo>" src=javascript:alert(1) y="</foo>">
+ * <hr>
+ *
+ * This code will ignore anything within the quotes
+ * so they don't mess us up.
+ */
+ if ( $body{$i} == '"' || $body{$i} == "'" ){
+ $quotechar = $body{$i};
+ do {
+ $ret .= $body{$i};
+ $i++;
+ } while ($body{$i} != $quotechar && $i < $j);
+ }
$etg = strtolower($body{$i}.$body{$i+1}.$body{$i+2});
switch( $etg ) {
case 'src':