From: tassium Date: Thu, 23 Jan 2003 22:12:26 +0000 (+0000) Subject: Fixes XSS bug in mailbox_display with malicious From: headers. X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=93adbabb4992b2880957109584ea0be68e485c3b;p=squirrelmail.git Fixes XSS bug in mailbox_display with malicious From: headers. Thanks to sailfrog for finding this one! git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4462 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
diff --git a/functions/mailbox_display.php b/functions/mailbox_display.php
index 8861f11c..f5cdda61 100644
--- a/functions/mailbox_display.php
+++ b/functions/mailbox_display.php
@@ -155,7 +155,7 @@ function printMessageInfo($imapConnection, $t, $not_last=true, $key, $mailbox,
 break;
 case 2: /* from */
 echo html_tag( 'td',
- $italic . $bold . $flag . $fontstr . $senderName .
+ $italic . $bold . $flag . $fontstr . htmlentities($senderName) .
 $fontstr_end . $flag_end . $bold_end . $italic_end,
 'left',
 $hlt_color );
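Review bot: `htmlentities($senderName)` in the `case 2` branch is called without a quote style or charset, so it converts every non-ASCII byte under the function's default charset and can mangle sender names decoded from other character sets. `htmlspecialchars($senderName)` escapes the markup-significant characters that matter for this `td` content and leaves the rest intact. If `$senderName` has already passed through a header-decoding step that emits HTML entities (not visible here), this call would double-encode it, so the escaping is better applied once, where the value is known to be raw. The other `case` branches of this switch and the rest of printMessageInfo lie outside the hunk; the subject and any other header-derived column need the same output encoding, which is worth confirming before the report is closed.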