Fixed XSS vulnarability in decodeHeader function spotted by Joost Pol
diff --git a/functions/mime.php b/functions/mime.php
index 7bacc8625658c2136a934e44a7b2fef7d467dc3e..ca700c83cfa520a6f814219d9842fa1478b83218 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -659,7 +659,11 @@ function decodeHeader ($string, $utfencode=true,$htmlsave=true,$decide=false) {
}
$iLastMatch = $i;
$j = $i;
- $ret .= $res[1];
+ if ($htmlsave) {
+ $ret .= htmlspecialchars($res[1]);
+ } else {
+ $ret .= $res[1];
+ }
$encoding = ucfirst($res[3]);
/* decide about valid decoding */
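Review bot: The added `htmlspecialchars($res[1])` call in the `$htmlsave` branch relies on the default flags, and on PHP versions before 8.1 that default is ENT_COMPAT, which leaves single quotes unescaped. The returned header text is then safe in element content and double-quoted attributes only; `$ret .= htmlspecialchars($res[1], ENT_QUOTES);` would also cover single-quoted attribute contexts. The hunk escapes only the literal text that precedes an encoded word, and decodeHeader starts and ends outside the hunk, so it is worth confirming that the decoded word and any text after the last match are escaped under the same `$htmlsave` condition. A short comment on the `else` branch, such as `/* $htmlsave is false: caller is responsible for escaping before output */`, would make the contract explicit for callers.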