From: stekkel
Date: Sun, 23 May 2004 16:09:48 +0000 (+0000)
Subject: Fixed XSS vulnarability spotted by "Roman Medina" after a very thorough
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=42ce44f8b58a0c3ed14c7a38b054743239c1352c;p=squirrelmail.git
Fixed XSS vulnarability spotted by "Roman Medina" after a very thorough research of the SquirrelMail source. I was impressed.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7529 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
diff --git a/functions/mime.php b/functions/mime.php
index 35892b7b..3c2a532b 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -526,7 +526,7 @@ function formatAttachments($message, $exclude_id, $mailbox, $id) {
 ''.decodeHeader($display_filename).' ' .
 '' . show_readable_size($header->size) .
 '  ' .
- "[ $type0/$type1 ] " .
+ '[ '.htmlspecialchars($type0).'/'.htmlspecialchars($type1).' ] ' .
 '';
 $attachments .= '' . $description . '';
 $attachments .= ' ';
@@ -558,7 +558,7 @@ function sqimap_base64_decode(&$string) {
 // remove the noise in order to check if the 4 bytes pairs are complete
 $string = str_replace(array("\r\n","\n", "\r", " "),array('','','',''),$string);
- $sStringRem = '';
+ $sStringRem = '';
 $iMod = strlen($string) % 4;
 if ($iMod) {
 $sStringRem = substr($string,-$iMod);
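Review bot: The escaping added on the `+` line stops at `$type0`/`$type1`, while the context lines right below it still concatenate `$description` and the result of `decodeHeader($display_filename)` into the same table cell with no escaping visible in the hunk; if those values also come from the message's MIME headers, the same pattern remains one line away, so either apply `htmlspecialchars($description)` there too or confirm that decodeHeader() and the code assigning `$description` already escape for HTML. Note also that `htmlspecialchars()` with its default flags leaves single quotes alone, which is adequate here because the values land in element text rather than an attribute; if this markup is ever moved into an attribute, `ENT_QUOTES` becomes necessary. formatAttachments() starts and ends outside the hunk, so where `$description` is assigned cannot be checked from this diff.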