projects / squirrelmail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fd7ab79)
sanitize server error messages in read_body aswell
authorkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sat, 10 Dec 2005 12:53:41 +0000 (12:53 +0000)
committerkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sat, 10 Dec 2005 12:53:41 +0000 (12:53 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10452 7612ce4b-ef26-0410-bec9-ea0150e637f0

src/read_body.php patch | blob | blame | history

diff --git a/src/read_body.php b/src/read_body.php
index de7b9c43a480084b35c73b3166dc44351b0b4282..eeb8d8c043c1eab1a3557069cb83b6efd14247bf 100644 (file)
--- a/src/read_body.php
+++ b/src/read_body.php
@@ -262,9 +262,9 @@ function SendMDN ( $mailbox, $passed_id, $sender, $message, $imapConnection) {
         $success = $deliver->finalizeStream($stream);
     }
     if (!$success) {
-        $msg  = $deliver->dlv_msg . '<br />' .
-                _("Server replied:") . ' ' . $deliver->dlv_ret_nr . ' ' .
-                $deliver->dlv_server_msg;
+        $msg  = htmlspecialchars($deliver->dlv_msg) . '<br />' .
+                _("Server replied:") . ' ' . htmlspecialchars($deliver->dlv_ret_nr . ' ' .
+                $deliver->dlv_server_msg);
         require_once(SM_PATH . 'functions/display_messages.php');
         plain_error_message($msg, $color);
     } else {
Unnamed repository; edit this file 'description' to name the repository.