From: pdontthink
Date: Tue, 26 May 2009 18:05:35 +0000 (+0000)
Subject: QUERY_STRING is already sanitized
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=d20a8181018f8fdb86411d57fdbf952115a20925;p=squirrelmail.git
QUERY_STRING is already sanitized
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13767 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
diff --git a/functions/attachment_common.php b/functions/attachment_common.php
index ae64c0b5..35038eeb 100644
--- a/functions/attachment_common.php
+++ b/functions/attachment_common.php
@@ -148,7 +148,7 @@ function attachment_common_link_text(&$Args) {
 sqgetGlobalVar('QUERY_STRING', $QUERY_STRING, SQ_SERVER); // if htmlspecialchars() breaks something - find other way to encode & in url.
- $Args[0]['attachment_common']['href'] = $base_uri . 'src/view_text.php?'. htmlspecialchars($QUERY_STRING);
+ $Args[0]['attachment_common']['href'] = $base_uri . 'src/view_text.php?'. $QUERY_STRING;
 $Args[0]['attachment_common']['href'] = set_url_var($Args[0]['attachment_common']['href'], 'ent_id',$Args[4]);
@@ -192,7 +192,7 @@ function attachment_common_link_html(&$Args) {
 global $base_uri; sqgetGlobalVar('QUERY_STRING', $QUERY_STRING, SQ_SERVER);
- $Args[0]['attachment_common']['href'] = $base_uri . 'src/view_text.php?'. htmlspecialchars($QUERY_STRING).
+ $Args[0]['attachment_common']['href'] = $base_uri . 'src/view_text.php?'. $QUERY_STRING.
 /* why use the overridetype? can this be removed */ /* override_type might be needed only when we want view other type of messages as html */ '&override_type0=text&override_type1=html';
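Review bot: The comment left above the changed line in attachment_common_link_text (`// if htmlspecialchars() breaks something - find other way to encode & in url.`) now describes a call the line no longer makes, and neither call site says where QUERY_STRING is sanitized. After this change both attachment_common_link_text and attachment_common_link_html place a request-derived value into an href with no local encoding, so the safety of that output rests entirely on code outside this diff. Presumably the value returned by `sqgetGlobalVar('QUERY_STRING', $QUERY_STRING, SQ_SERVER)` is the already-sanitized copy, but that is not visible here and should be confirmed for every path that reaches these functions. I would replace the stale comment, and add the same one in attachment_common_link_html, with something like `// QUERY_STRING is already sanitized in <file that sanitizes QUERY_STRING>; do not encode it again here`. Both functions start and end outside their hunks.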