X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fmime.php;h=9d479dcaab151dd8c28f86cc36d846c11020bcc8;hb=ad2f0b546afcb978ee67ef25332cf4f12c363892;hp=a08920ca252b681759f5d6068e8268f653103a55;hpb=1d398b1de56b0695e1a8dd26621f5be9399a9669;p=squirrelmail.git

diff --git a/functions/mime.php b/functions/mime.php
index a08920ca..9d479dca 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -6,7 +6,7 @@
  * This contains the functions necessary to detect and decode MIME
  * messages.
  *
- * @copyright 1999-2011 The SquirrelMail Project Team
+ * @copyright 1999-2012 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -2011,7 +2011,12 @@ function sq_fix_url($attname, &$attvalue, $message, $id, $mailbox,$sQuote = '"')
                         break;
                 }
             } else {
-                if (!(isset($aUrl['path']) && $aUrl['path'] == $secremoveimg)) {
+                // anchors are OK
+                // FIXME: can there be abuse of anchors here?
+                // FIXME: stop anchors from opening in another window
+                if (!isset($aUrl['path']) && !empty($aUrl['fragment'])) {
+                }
+                else if (!isset($aUrl['path']) || $aUrl['path'] != $secremoveimg) {
                     // parse_url did not lead to satisfying result
                     $attvalue = $sQuote . SM_PATH . 'images/blank.png' . $sQuote;
                 }