Fixed XSS vulnarability spotted by "Roman Medina" after a very thorough

research of the SquirrelMail source. I was impressed.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7529 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/functions/mime.php b/functions/mime.php
index 35892b7b9ee0b33c103057cffd59925f41669657..3c2a532b5d7da1dd5b790df1cefd24dfd37bb103 100644 (file)
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -526,7 +526,7 @@ function formatAttachments($message, $exclude_id, $mailbox, $id) {
                         '<A HREF="'.$defaultlink.'">'.decodeHeader($display_filename).'</A>&nbsp;</TD>' .
                         '<TD><SMALL><b>' . show_readable_size($header->size) .
                         '</b>&nbsp;&nbsp;</small></TD>' .
-                        "<TD><SMALL>[ $type0/$type1 ]&nbsp;</SMALL></TD>" .
+                        '<TD><SMALL>[ '.htmlspecialchars($type0).'/'.htmlspecialchars($type1).' ]&nbsp;</SMALL></TD>' .
                         '<TD><SMALL>';
         $attachments .= '<b>' . $description . '</b>';
         $attachments .= '</SMALL></TD><TD><SMALL>&nbsp;';
@@ -558,7 +558,7 @@ function sqimap_base64_decode(&$string) {
     // remove the noise in order to check if the 4 bytes pairs are complete
     $string = str_replace(array("\r\n","\n", "\r", " "),array('','','',''),$string);
 
-    $sStringRem = '';    
+    $sStringRem = '';
     $iMod = strlen($string) % 4;
     if ($iMod) {
         $sStringRem = substr($string,-$iMod);