From: kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Sat, 10 Dec 2005 12:53:41 +0000 (+0000)
Subject: sanitize server error messages in read_body aswell
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=14290549e352a59258a98e8179474fe2b5926fe8;p=squirrelmail.git

sanitize server error messages in read_body aswell


git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10452 7612ce4b-ef26-0410-bec9-ea0150e637f0
---

diff --git a/src/read_body.php b/src/read_body.php
index de7b9c43..eeb8d8c0 100644
--- a/src/read_body.php
+++ b/src/read_body.php
@@ -262,9 +262,9 @@ function SendMDN ( $mailbox, $passed_id, $sender, $message, $imapConnection) {
         $success = $deliver->finalizeStream($stream);
     }
     if (!$success) {
-        $msg  = $deliver->dlv_msg . '<br />' .
-                _("Server replied:") . ' ' . $deliver->dlv_ret_nr . ' ' .
-                $deliver->dlv_server_msg;
+        $msg  = htmlspecialchars($deliver->dlv_msg) . '<br />' .
+                _("Server replied:") . ' ' . htmlspecialchars($deliver->dlv_ret_nr . ' ' .
+                $deliver->dlv_server_msg);
         require_once(SM_PATH . 'functions/display_messages.php');
         plain_error_message($msg, $color);
     } else {